This update of rails fixes the following security issues:
CVE-2011-2930 - SQL-injection in quote_table_name function via specially crafted column names (bnc#712062)
CVE-2011-2931 - Cross-Site Scripting (XSS) in the strip_tags helper (bnc#712057)
CVE-2011-3186 - Response Splitting (bnc#712058)
CVE-2010-3933 - Arbitrary modification of records via specially crafted form parameters (bnc#712058)
CVE-2011-0446 - Cross-Site Scripting (XSS) in the mail_to helper (bnc#668817)
CVE-2011-0447 - Improper validation of 'X-Requested-With' header (bnc#668817)
CVE-2011-0448 - SQL-injection caused by improperly sanitized arguments to the limit function (bnc#668817)
CVE-2011-0449 - Bypass of access restrictions via specially crafted action names (bnc#668817)
- Submitted by Adrian Schröter (adrianSuSE)
- Version 5440