stable

rubygem-actionpack-2.3.18-1.el5, rubygem-activerecord-2.3.18-1.el5, & 1 more

FEDORA-EPEL-2014-3549 created by stahnma 10 years ago for Fedora EPEL 5

Rebase to 2.3.18 in EPEL5. This is a security rollup.

  • Bug 1095122 - CVE-2014-0130
  • Bug 1095125 - CVE-2014-0130
  • Bug 677626 - CVE-2011-0446
  • Bug 677629 - CVE-2011-0446, CVE-2011-0447
  • Bug 677631 - CVE-2011-0447
  • Bug 731435 - CVE-2011-2932
  • Bug 731438 - CVE-2011-2930
  • Bug 731450 - CVE-2011-2932
  • Bug 731453 - CVE-2011-2930
  • Bug 744706 - CVE-2010-3933
  • Bug 831583 - CVE-2012-2695
  • Bug 843924 - CVE-2012-3424
  • Bug 847202 - CVE-2013-0156
  • Bug 891468 - CVE-2012-5664
  • Bug 905373 - CVE-2013-0333
  • Bug 921329 - CVE-2013-1854
  • Bug 924297 - CVE-2013-1855, CVE-2013-1857
  • Bug 924318 - CVE-2013-1854
  • Bug 948706 - CVE-2013-0276

This update has been submitted for testing by stahnma.

10 years ago

This update is currently being pushed to the Fedora EPEL 5 testing updates repository.

10 years ago

This update has been pushed to testing

10 years ago

This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes

10 years ago

This update has been submitted for stable by stahnma.

10 years ago

This update is currently being pushed to the Fedora EPEL 5 stable updates repository.

10 years ago

This update has been pushed to stable

10 years ago


Metadata
Type: security
Karma: 0
Signed
Content Type: RPM
Test Gating
Autopush Settings
  Unstable by Karma: -3
  Stable by Karma: disabled
  Stable by Time: disabled
Dates
  submitted: 10 years ago
  in testing: 10 years ago
  in stable: 10 years ago

  • BZ#677626 CVE-2011-0446 rubygem-actionpack: Multiple XSS flaws via crafted name or email value in the mail_to_helper
  • BZ#677629 CVE-2011-0446 CVE-2011-0447 rubygem-actionpack various flaws [epel-5]
  • BZ#677631 CVE-2011-0447 rubygem-actionpack: CSRF flaws due to improper validation of HTTP headers containing X-Requested-With header
  • BZ#731435 CVE-2011-2932 rubygem-activesupport: XSS vulnerability in escaping function (Ruby on Rails)
  • BZ#731438 CVE-2011-2930 rubygem-activerecord: SQL injection vulnerability in quote_table_name (Ruby on Rails)
  • BZ#731450 rubygem-activesupport: XSS vulnerability in escaping function (Ruby on Rails) [epel-5]
  • BZ#731453 rubygem-activerecord: SQL injection vulnerability in quote_table_name (Ruby on Rails) [epel-5]
  • BZ#744706 CVE-2010-3933 rubygem-activerecord: Improper nested attributes management
  • BZ#831583 CVE-2012-2695 rubygem-activerecord: SQL injection when processing nested query parameters (a different flaw than CVE-2012-2661) [epel-5]
  • BZ#843924 CVE-2012-3424 rubygem-actionpack: DoS vulnerability in authenticate_or_request_with_http_digest [epel-5]
  • BZ#847202 CVE-2012-3463 CVE-2012-3464 CVE-2012-3465 CVE-2013-0156 rubygem-actionpack various flaws [epel-5]
  • BZ#891468 CVE-2012-6496 rubygem-activerecord: find_by_* SQL Injection [epel-5]
  • BZ#905373 CVE-2013-0333 rubygem-activesupport: json to yaml parsing [epel-5]
  • BZ#921329 CVE-2013-1854 rubygem-activerecord: attribute_dos Symbol DoS vulnerability
  • BZ#924297 CVE-2013-1855 CVE-2013-1857 rubygem-actionpack various flaws [epel-5]
  • BZ#924318 CVE-2013-1854 rubygem-activerecord: attribute_dos Symbol DoS vulnerability [epel-5]
  • BZ#948706 CVE-2013-0276 rubygem-activerecord/rubygem-activemodel: circumvention of attr_protected [epel-5]
  • BZ#1095122 CVE-2014-0130 rubygem-actionpack: Ruby on Rails: directory traversal issue [epel-5]
  • BZ#1095125 CVE-2014-0130 rubygem-activerecord: Ruby on Rails: directory traversal issue [epel-5]
