rails 2.3.5-1.1ubuntu0.1 source package in Ubuntu
Changelog
rails (2.3.5-1.1ubuntu0.1) maverick-security; urgency=low

  * SECURITY UPDATE: multiple cross-site scripting (XSS) vulnerabilities in the mail_to helper
    - Add 0001-Be-sure-to-javascript_escape-the-email-address-to-pr.patch from Debian and fix Debian bug #629067 by replacing .html_safe with html_escape()
    - https://groups.google.com/group/rubyonrails-security/browse_thread/thread/f02a48ede8315f81
    - CVE-2011-0446
    - LP: #870846
  * SECURITY UPDATE: rails does not properly validate HTTP requests that contain an X-Requested-With header
    - Add 0002-Change-the-CSRF-whitelisting-to-only-apply-to-get-re.patch from Debian
    - https://groups.google.com/group/rubyonrails-security/browse_thread/thread/2d95a3cc23e03665
    - CVE-2011-0447
  * SECURITY UPDATE: multiple SQL injection vulnerabilities in the quote_table_name method in the ActiveRecord adapters
    - Add CVE-2011-2930.patch from Debian
    - https://groups.google.com/group/rubyonrails-security/browse_thread/thread/6a1e473744bc389b
    - CVE-2011-2930
  * SECURITY UPDATE: cross-site scripting (XSS) vulnerability in the strip_tags helper
    - Add CVE-2011-2931.patch from Debian
    - https://groups.google.com/group/rubyonrails-security/browse_thread/thread/2b9130749b74ea12
    - CVE-2011-2931
  * SECURITY UPDATE: cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via a malformed Unicode string
    - Add CVE-2011-2932.patch, backported from upstream
    - https://groups.google.com/group/rubyonrails-security/browse_thread/thread/56bffb5923ab1195
    - CVE-2011-2932
  * SECURITY UPDATE: response splitting vulnerability
    - Add CVE-2011-3186.patch from Debian
    - https://groups.google.com/group/rubyonrails-security/browse_thread/thread/6ffc93bde0298768
    - CVE-2011-3186

 -- Felix Geyer <email address hidden>  Wed, 12 Oct 2011 18:48:13 +0200
Upload details
- Uploaded by: Felix Geyer
- Sponsored by: Marc Deslauriers
- Uploaded to: Maverick
- Original maintainer: Ubuntu Developers
- Architectures: all
- Section: ruby
- Urgency: Low Urgency
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
rails_2.3.5.orig.tar.gz | 3.0 MiB | f07416a3655ef24316e6fb8bd57bf00f5b06b9d6191cec15be93d08238ed1313 |
rails_2.3.5-1.1ubuntu0.1.debian.tar.gz | 23.2 KiB | 4251a9960b0ac6e6f8135eabc731fa0ff896b993063f99238cc54c8173a14d41 |
rails_2.3.5-1.1ubuntu0.1.dsc | 2.4 KiB | b1607aa1585d9b3c876bf9662e15260a293729a7af7e13d311464175fe6bfcf9 |
Binary packages built by this source
- libactionmailer-ruby: No summary available for libactionmailer-ruby in ubuntu maverick.
No description available for libactionmailer-ruby in ubuntu maverick.
- libactionmailer-ruby1.8: No summary available for libactionmailer-ruby1.8 in ubuntu maverick.
No description available for libactionmailer-ruby1.8 in ubuntu maverick.
- libactionpack-ruby: No summary available for libactionpack-ruby in ubuntu maverick.
No description available for libactionpack-ruby in ubuntu maverick.
- libactionpack-ruby1.8: No summary available for libactionpack-ruby1.8 in ubuntu maverick.
No description available for libactionpack-ruby1.8 in ubuntu maverick.
- libactiverecord-ruby: No summary available for libactiverecord-ruby in ubuntu maverick.
No description available for libactiverecord-ruby in ubuntu maverick.
- libactiverecord-ruby1.8: No summary available for libactiverecord-ruby1.8 in ubuntu maverick.
No description available for libactiverecord-ruby1.8 in ubuntu maverick.
- libactiverecord-ruby1.9.1: No summary available for libactiverecord-ruby1.9.1 in ubuntu maverick.
No description available for libactiverecord-ruby1.9.1 in ubuntu maverick.
- libactiveresource-ruby: No summary available for libactiveresource-ruby in ubuntu maverick.
No description available for libactiveresource-ruby in ubuntu maverick.
- libactiveresource-ruby1.8: No summary available for libactiveresource-ruby1.8 in ubuntu maverick.
No description available for libactiveresource-ruby1.8 in ubuntu maverick.
- libactivesupport-ruby: No summary available for libactivesupport-ruby in ubuntu maverick.
No description available for libactivesupport-ruby in ubuntu maverick.
- libactivesupport-ruby1.8: No summary available for libactivesupport-ruby1.8 in ubuntu maverick.
No description available for libactivesupport-ruby1.8 in ubuntu maverick.
- libactivesupport-ruby1.9.1: No summary available for libactivesupport-ruby1.9.1 in ubuntu maverick.
No description available for libactivesupport-ruby1.9.1 in ubuntu maverick.
- rails: No summary available for rails in ubuntu maverick.
No description available for rails in ubuntu maverick.
- rails-doc: No summary available for rails-doc in ubuntu maverick.
No description available for rails-doc in ubuntu maverick.
- rails-ruby1.8: No summary available for rails-ruby1.8 in ubuntu maverick.
No description available for rails-ruby1.8 in ubuntu maverick.