Overview Repositories Revisions Requests Users Attributes Meta
RubyOnRails: security version update to 2.3.17

The Ruby on Rails 2.3 stack was updated to 2.3.17.

The Ruby Rack was updated to 1.1.6.

The updates fix various security issues and bugs.

- update to version 2.3.17 (bnc#803336, bnc#803339)
CVE-2013-0276 CVE-2013-0277:

- update to version 2.3.17 (bnc#803336, bnc#803339)
CVE-2013-0276 CVE-2013-0277:
- Fix issue with attr_protected where malformed input could
circumvent protection
- Fix Serialized Attributes YAML Vulnerability

- update to version 2.3.17 (bnc#803336, bnc#803339)
CVE-2013-0276 CVE-2013-0277:
- Fix issue with attr_protected where malformed input could
circumvent protection
- Fix Serialized Attributes YAML Vulnerability

- update to 1.1.6 (bnc#802794)
* Fix CVE-2013-0263, timing attack against Rack::Session::Cookie

Fixed bugs
CVE-CVE-2013-0183
CVE-CVE-2013-0263
CVE-CVE-2013-0262
CVE-CVE-2013-0277
CVE-CVE-2013-0184
CVE-CVE-2013-0276
bnc#803336
VUL-0: CVE-2013-0276: rubygem-activerecord*: Circumvention of attr_protected
bnc#798452
VUL-0: rubygem-rack*: 3 DoS conditions in Rack
bnc#803339
VUL-0: CVE-2013-0277: rubygem-activerecord-2_3: Serialized Attributes YAML Vulnerability with Rails 2.3 and 3.0
Selected Binaries
openSUSE Build Service is sponsored by
Places