The Ruby on Rails 2.3 stack was updated to 2.3.17.
Ruby Rack was updated to 1.1.6.
The updates fix various security issues and bugs.
- update to version 2.3.17 (bnc#803336, bnc#803339)
CVE-2013-0276 CVE-2013-0277:
- Fix issue with attr_protected where malformed input could
circumvent protection
- Fix Serialized Attributes YAML Vulnerability
- update to 1.1.6 (bnc#802794)
* Fix CVE-2013-0263, timing attack against Rack::Session::Cookie
- Submitted by Stefan Lijewski (lijews)