rails (2.3.5-1.2ubuntu1.1) natty-security; urgency=low

  * SECURITY UPDATE: multiple cross-site scripting (XSS) vulnerabilities in
    the mail_to helper
    - Add 0001-Be-sure-to-javascript_escape-the-email-address-to-pr.patch
      from Debian and fix Debian bug #629067 by replacing .html_safe with
      html_escape()
    - https://groups.google.com/group/rubyonrails-security/browse_thread/thread/f02a48ede8315f81
    - CVE-2011-0446
    - LP: #870846
  * SECURITY UPDATE: rails does not properly validate HTTP requests that
    contain an X-Requested-With header
    - Add 0002-Change-the-CSRF-whitelisting-to-only-apply-to-get-re.patch
      from Debian
    - https://groups.google.com/group/rubyonrails-security/browse_thread/thread/2d95a3cc23e03665
    - CVE-2011-0447
  * SECURITY UPDATE: multiple SQL injection vulnerabilities in the
    quote_table_name method in the ActiveRecord adapters
    - Add CVE-2011-2930.patch from Debian
    - https://groups.google.com/group/rubyonrails-security/browse_thread/thread/6a1e473744bc389b
    - CVE-2011-2930
  * SECURITY UPDATE: cross-site scripting (XSS) vulnerability in the
    strip_tags helper
    - Add CVE-2011-2931.patch from Debian
    - https://groups.google.com/group/rubyonrails-security/browse_thread/thread/2b9130749b74ea12
    - CVE-2011-2931
  * SECURITY UPDATE: cross-site scripting vulnerability which allows remote
    attackers to inject arbitrary web script or HTML via a malformed Unicode string
    - Add CVE-2011-2932.patch, backported from upstream
    - https://groups.google.com/group/rubyonrails-security/browse_thread/thread/56bffb5923ab1195
    - CVE-2011-2932
  * SECURITY UPDATE: response splitting vulnerability
    - Add CVE-2011-3186.patch from Debian
    - https://groups.google.com/group/rubyonrails-security/browse_thread/thread/6ffc93bde0298768
    - CVE-2011-3186

 -- Felix Geyer <email address hidden>  Wed, 12 Oct 2011 20:05:02 +0200
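The CSRF change recorded in the entry above (CVE-2011-0447: the whitelist restricted to GET requests) as an added Ruby illustration. This is not Rails' code and not the Debian patch; the Request struct, the CsrfProtection class, the token comparison and the sample requests are constructed here, and the "before" variant is an assumed simplification of the pre-fix check, in which a request whose X-Requested-With header said XMLHttpRequest skipped token verification. The point it shows is why a client-controlled header is not a safe exemption, and how the fixed rule only exempts GET.

```ruby
# Added illustration (not Rails' own code): models the CSRF verification
# change described in the changelog entry for CVE-2011-0447. Before the fix,
# a request carrying "X-Requested-With: XMLHttpRequest" skipped token
# verification; after it, only GET requests are exempt and every
# state-changing request must present a valid authenticity token.
require 'securerandom'

# Minimal stand-in for a Rack/Rails request object (constructed here).
Request = Struct.new(:method, :headers, :params, keyword_init: true) do
  def get?
    method.to_s.upcase == 'GET'
  end

  # The classic XHR test: it trusts a header the client chooses to send.
  def xhr?
    headers['X-Requested-With'].to_s =~ /XMLHttpRequest/i ? true : false
  end
end

class CsrfProtection
  TOKEN_PARAM = 'authenticity_token'.freeze

  def initialize(session_token)
    @session_token = session_token
  end

  # Assumed shape of the pre-fix logic: the XHR header alone bypasses
  # verification, even for POST/PUT/DELETE.
  def verified_before_fix?(req)
    req.get? || req.xhr? || token_matches?(req)
  end

  # Fixed logic: the whitelist applies to GET only; every other verb needs
  # the token, whether or not X-Requested-With is present.
  def verified_after_fix?(req)
    req.get? || token_matches?(req)
  end

  private

  def token_matches?(req)
    supplied = req.params[TOKEN_PARAM].to_s
    return false if supplied.empty? || supplied.bytesize != @session_token.bytesize
    # Constant-time comparison so the check does not leak token bytes via timing.
    supplied.bytes.zip(@session_token.bytes).inject(0) { |acc, (a, b)| acc | (a ^ b) }.zero?
  end
end

# Constructed session token and sample requests for the demonstration.
SESSION_TOKEN = SecureRandom.hex(16)
PROTECTION = CsrfProtection.new(SESSION_TOKEN)

def sample_requests
  {
    plain_get: Request.new(method: 'GET', headers: {}, params: {}),
    xhr_post_no_token: Request.new(method: 'POST',
                                   headers: { 'X-Requested-With' => 'XMLHttpRequest' },
                                   params: {}),
    legit_post: Request.new(method: 'POST', headers: {},
                            params: { 'authenticity_token' => SESSION_TOKEN }),
    wrong_token_post: Request.new(method: 'POST', headers: {},
                                  params: { 'authenticity_token' => 'x' * 32 })
  }
end

# Returns, per sample request, whether each variant of the check accepts it.
def verdicts
  sample_requests.transform_values do |req|
    { before: PROTECTION.verified_before_fix?(req),
      after: PROTECTION.verified_after_fix?(req) }
  end
end

if __FILE__ == $PROGRAM_NAME
  verdicts.each do |name, v|
    puts format('%-18s before=%-5s after=%-5s', name, v[:before], v[:after])
  end
end
```

Running the file prints one line per sample request; the `xhr_post_no_token` case is the one that changes from accepted to rejected, while a POST with the correct token passes under both variants and a wrong token fails under both.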
rails (2.3.5-1.2ubuntu1) natty; urgency=low

  * debian/patches/cdata-and-white-space-handling.patch: Handle CDATA and
    improve white space handling, fixing a Segmentation Fault in some
    circumstances. Patch based on subset of upstream commit range.
    (LP: #670571)

 -- Dave Walker (Daviey) <email address hidden>  Wed, 16 Mar 2011 01:03:12 +0000
rails (2.3.5-1.2) unstable; urgency=high

  * Non-maintainer upload.

  [ Laurent Bigonville ]
  * Fix documentation about default listening address (Closes: #583149)

  [ Gunnar Wolf ]
  * Modified a string that recommends the user to do Very Bad Things
    (Closes: #603048)

 -- Ubuntu Archive Auto-Sync <email address hidden>  Thu, 30 Dec 2010 11:14:48 +0000
rails (2.3.5-1.1) unstable; urgency=low

  * Non-maintainer upload.
  * Added missing build-dependencies for rails-ruby1.8 on libactionpack-ruby1.8,
    libactionmailer-ruby1.8 and libactiveresource-ruby1.8
    (Closes: #587048)
  * Fixed broken symlink to railties on new project generator (Closes:
    #583219)

 -- Micah Gersten <email address hidden>  Thu, 26 Aug 2010 12:36:28 -0500