Rebase to 2.3.18 in EPEL5. This is a security rollup.

  • Bug 1095122 - CVE-2014-0130
  • Bug 1095125 - CVE-2014-0130
  • Bug 677626 - CVE-2011-0446
  • Bug 677629 - CVE-2011-0446, CVE-2011-0447
  • Bug 677631 - CVE-2011-0447
  • Bug 731435 - CVE-2011-2932
  • Bug 731438 - CVE-2011-2930
  • Bug 731450 - CVE-2011-2932
  • Bug 731453 - CVE-2011-2930
  • Bug 744706 - CVE-2010-3933
  • Bug 831583 - CVE-2012-2695
  • Bug 843924 - CVE-2012-3424
  • Bug 847202 - CVE-2013-0156
  • Bug 891468 - CVE-2012-5664
  • Bug 905373 - CVE-2013-0333
  • Bug 921329 - CVE-2013-1854
  • Bug 924297 - CVE-2013-1855, CVE-2013-1857
  • Bug 924318 - CVE-2013-1854
  • Bug 948706 - CVE-2013-0276

This update has been submitted for testing by stahnma.

5 years ago

This update is currently being pushed to the Fedora EPEL 5 testing updates repository.

5 years ago

This update has been pushed to testing

5 years ago

This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes

5 years ago

This update has been submitted for stable by stahnma.

5 years ago

This update is currently being pushed to the Fedora EPEL 5 stable updates repository.

5 years ago

This update has been pushed to stable

5 years ago

Please login to add feedback.

Metadata
Type
security
Karma
0
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
disabled
Stable by Time
disabled
Dates
submitted
5 years ago
in testing
5 years ago
in stable
5 years ago
BZ#677626 CVE-2011-0446 rubygem-actionpack: Multiple XSS flaws via crafted name or email value in the mail_to_helper
0
0
BZ#677629 CVE-2011-0446 CVE-2011-0447 rubygem-actionpack various flaws [epel-5]
0
0
BZ#677631 CVE-2011-0447 rubygem-actionpack: CSRF flaws due improper validation of HTTP headers containing X-Requested-With header
0
0
BZ#731435 CVE-2011-2932 rubygem-activesupport: XSS vulnerability in escaping function (Ruby on Rails)
0
0
BZ#731438 CVE-2011-2930 rubygem-activerecord: SQL injection vulnerability in quote_table_name (Ruby on Rails)
0
0
BZ#731450 rubygem-activesupport: XSS vulnerability in escaping function (Ruby on Rails) [epel-5]
0
0
BZ#731453 rubygem-activerecord: SQL injection vulnerability in quote_table_name (Ruby on Rails) [epel-5]
0
0
BZ#744706 CVE-2010-3933 rubygem-activerecord: Improper nested attributes management
0
0
BZ#831583 CVE-2012-2695 rubygem-activerecord: SQL injection when processing nested query paramaters (a different flaw than CVE-2012-2661) [epel-5]
0
0
BZ#843924 CVE-2012-3424 rubygem-actionpack: DoS vulnerability in authenticate_or_request_with_http_digest [epel-5]
0
0
BZ#847202 CVE-2012-3463 CVE-2012-3464 CVE-2012-3465 CVE-2013-0156 rubygem-actionpack various flaws [epel-5]
0
0
BZ#891468 CVE-2012-6496 rubygem-activerecord: find_by_* SQL Injection [epel-5]
0
0
BZ#905373 CVE-2013-0333 rubygem-activesupport: json to yaml parsing [epel-5]
0
0
BZ#921329 CVE-2013-1854 rubygem-activerecord: attribute_dos Symbol DoS vulnerability
0
0
BZ#924297 CVE-2013-1855 CVE-2013-1857 rubygem-actionpack various flaws [epel-5]
0
0
BZ#924318 CVE-2013-1854 rubygem-activerecord: attribute_dos Symbol DoS vulnerability [epel-5]
0
0
BZ#948706 CVE-2013-0276 rubygem-activerecord/rubygem-activemodel: circumvention of attr_protected [epel-5]
0
0
BZ#1095122 CVE-2014-0130 rubygem-actionpack: Ruby on Rails: directory traversal issue [epel-5]
0
0
BZ#1095125 CVE-2014-0130 rubygem-activerecord: Ruby on Rails: directory traversal issue [epel-5]
0
0

Automated Test Results