Change log for ruby-activerecord-2.3 package in Ubuntu

ruby-activerecord-2.3 (2.3.14-6) unstable; urgency=high


  * [CVE-2013-1854]: Fix symbol DoS vulnerability in Active Record

 -- Ondřej Surý <email address hidden>  Tue, 19 Mar 2013 09:19:24 +0100

Available diffs

• diff from 2.3.14-5 to 2.3.14-6 (835 bytes)

ruby-activerecord-2.3 (2.3.14-5) unstable; urgency=high


  * Fix circumvention of attr_protected [CVE-2013-0276]
  * Fix serialized Attributes YAML Vulnerability with Rails 2.3 and 3.0 [CVE-2013-0277]

 -- Ondřej Surý <email address hidden>  Tue, 12 Feb 2013 17:04:53 +0100

Available diffs

• diff from 2.3.14-4 to 2.3.14-5 (2.1 KiB)

ruby-activerecord-2.3 (2.3.14-1ubuntu0.11.10.1) oneiric-security; urgency=low

  * SECURITY UPDATE: unsafe query generation risk (LP: #1100188)
    - debian/patches/CVE-2013-0155.patch: added patch from Debian 2.3.14-4.
    - CVE-2013-0155
 -- Marc Deslauriers <email address hidden>   Fri, 18 Jan 2013 08:34:35 -0500

Available diffs

• diff from 2.3.14-1 (in Ubuntu) to 2.3.14-1ubuntu0.11.10.1 (1.7 KiB)

ruby-activerecord-2.3 (2.3.14-1ubuntu0.12.04.1) precise-security; urgency=low

  * SECURITY UPDATE: unsafe query generation risk (LP: #1100188)
    - debian/patches/CVE-2013-0155.patch: added patch from Debian 2.3.14-4.
    - CVE-2013-0155
 -- Marc Deslauriers <email address hidden>   Fri, 18 Jan 2013 08:33:13 -0500

Available diffs

• diff from 2.3.14-1 (in Ubuntu) to 2.3.14-1ubuntu0.12.04.1 (1.7 KiB)

ruby-activerecord-2.3 (2.3.14-2ubuntu0.1) quantal-security; urgency=low

  * SECURITY UPDATE: unsafe query generation risk (LP: #1100188)
    - debian/patches/CVE-2013-0155.patch: added patch from Debian 2.3.14-4.
    - CVE-2013-0155
 -- Marc Deslauriers <email address hidden>   Fri, 18 Jan 2013 08:28:45 -0500

Available diffs

• diff from 2.3.14-2 (in Debian) to 2.3.14-2ubuntu0.1 (1.7 KiB)

ruby-activerecord-2.3 (2.3.14-4) unstable; urgency=high


  * Team upload.
  * debian/patches/CVE-2013-0155.patch: fix Unsafe Query Generation Risk.

 -- Antonio Terceiro <email address hidden>  Tue, 15 Jan 2013 21:16:20 -0300

Available diffs

• diff from 2.3.14-3 to 2.3.14-4 (1.3 KiB)

ruby-activerecord-2.3 (2.3.14-3) unstable; urgency=high


  * Team upload.
  * debian/patches/2-3-dynamic_finder_injection.patch: fix SQL injection
    vulnerability (CVE-2012-5664).

 -- Antonio Terceiro <email address hidden>  Thu, 03 Jan 2013 11:43:56 -0300

Available diffs

• diff from 2.3.14-2 to 2.3.14-3 (1.5 KiB)

ruby-activerecord-2.3 (2.3.14-2) unstable; urgency=low


  * Team upload.
  * debian/control.in:
    - Bumped standards-version to 3.9.3.
    - Bumped build-dependency on gem2deb to >= 0.3.0~.
    - Changed conflicts into breaks.
  * debian/copyright: fixed to to fit the Debian copyright format version 1.0.

 -- Paul van Tilburg <email address hidden>  Fri, 29 Jun 2012 19:37:28 +0200

Available diffs

• diff from 2.3.14-1 (in Ubuntu) to 2.3.14-2 (1.5 KiB)

ruby-activerecord-2.3 (2.3.14-1) unstable; urgency=low

  * Imported Upstream version 2.3.14
  * Add debian/control dependency on metadata.yml, so it does get
    rebuild on new upstream version
  * Update debian/control dependencies on 2.3.14
 -- Matthias Klose <email address hidden>   Thu,  29 Sep 2011 13:12:03 +0000

Available diffs

• diff from 2.3.11-3 to 2.3.14-1 (3.8 KiB)

ruby-activerecord-2.3 (2.3.11-3) unstable; urgency=low

  * Merged a patch from src:rails to fix for binary data corruption with
    PostgreSQL backend. This occurred whenever the binary data included
    ASCII value of \ followed by three numbers.
 -- Ubuntu Archive Auto-Sync <email address hidden>   Wed,  08 Jun 2011 11:30:21 +0000

Available diffs

• diff from 2.3.11-2 to 2.3.11-3 (762 bytes)

ruby-activerecord-2.3 (2.3.11-2) unstable; urgency=low

  * Use RAILS_VERSION from metadata.yml to generate dependencies