Resolved Bugs
677626 – CVE-2011-0446 rubygem-actionpack: Multiple XSS flaws via crafted name or email value in the mail_to_helper
677629 – CVE-2011-0446 CVE-2011-0447 rubygem-actionpack various flaws [epel-5]
677631 – CVE-2011-0447 rubygem-actionpack: CSRF flaws due to improper validation of HTTP headers containing the X-Requested-With header
731435 – CVE-2011-2932 rubygem-activesupport: XSS vulnerability in escaping function (Ruby on Rails)
731438 – CVE-2011-2930 rubygem-activerecord: SQL injection vulnerability in quote_table_name (Ruby on Rails)
731450 – rubygem-activesupport: XSS vulnerability in escaping function (Ruby on Rails) [epel-5]
731453 – rubygem-activerecord: SQL injection vulnerability in quote_table_name (Ruby on Rails) [epel-5]
744706 – CVE-2010-3933 rubygem-activerecord: Improper nested attributes management
831583 – CVE-2012-2695 rubygem-activerecord: SQL injection when processing nested query parameters (a different flaw than CVE-2012-2661) [epel-5]
843924 – CVE-2012-3424 rubygem-actionpack: DoS vulnerability in authenticate_or_request_with_http_digest [epel-5]
847202 – CVE-2012-3463 CVE-2012-3464 CVE-2012-3465 CVE-2013-0156 rubygem-actionpack various flaws [epel-5]
891468 – CVE-2012-6496 rubygem-activerecord: find_by_* SQL Injection [epel-5]
905373 – CVE-2013-0333 rubygem-activesupport: json to yaml parsing [epel-5]
921329 – CVE-2013-1854 rubygem-activerecord: attribute_dos Symbol DoS vulnerability
924297 – CVE-2013-1855 CVE-2013-1857 rubygem-actionpack various flaws [epel-5]
924318 – CVE-2013-1854 rubygem-activerecord: attribute_dos Symbol DoS vulnerability [epel-5]
948706 – CVE-2013-0276 rubygem-activerecord/rubygem-activemodel: circumvention of attr_protected [epel-5]
1095122 – CVE-2014-0130 rubygem-actionpack: Ruby on Rails: directory traversal issue [epel-5]
1095125 – CVE-2014-0130 rubygem-activerecord: Ruby on Rails: directory traversal issue [epel-5]
Rebase to 2.3.18 in EPEL5. This is a security rollup.
– Bug 1095122 – CVE-2014-0130
– Bug 1095125 – CVE-2014-0130
– Bug 677626 – CVE-2011-0446
– Bug 677629 – CVE-2011-0446, CVE-2011-0447
– Bug 677631 – CVE-2011-0447
– Bug 731435 – CVE-2011-2932
– Bug 731438 – CVE-2011-2930
– Bug 731450 – CVE-2011-2932
– Bug 731453 – CVE-2011-2930
– Bug 744706 – CVE-2010-3933
– Bug 831583 – CVE-2012-2695
– Bug 843924 – CVE-2012-3424
– Bug 847202 – CVE-2013-0156
– Bug 891468 – CVE-2012-5664
– Bug 905373 – CVE-2013-0333
– Bug 921329 – CVE-2013-1854
– Bug 924297 – CVE-2013-1855, CVE-2013-1857
– Bug 924318 – CVE-2013-1854
– Bug 948706 – CVE-2013-0276