VUL-0: ruby on rails multiple vulnerabilities

Overview Repositories Monitor Requests Users Subprojects Project Config Attributes Signing Keys Meta Status Pulse

VUL-0: ruby on rails multiple vulnerabilities

This update of rails fixes the following security issues:

CVE-2011-2930 - SQL-injection in quote_table_name function via specially crafted column names (bnc#712062)
CVE-2011-2931 - Cross-Site Scripting (XSS) in the strip_tags helper (bnc#712057)
CVE-2011-3186 - Response Splitting (bnc#712058)
CVE-2010-3933 - Arbitrary modification of records via specially crafted form parameters (bnc#712058)
CVE-2011-0446 - Cross-Site Scripting (XSS) in the mail_to helper (bnc#668817)
CVE-2011-0447 - Improper validation of 'X-Requested-With' header (bnc#668817)
CVE-2011-0448 - SQL-injection caused by improperly sanitized arguments to the limit function (bnc#668817)
CVE-2011-0449 - Bypass of access restrictions via specially crafted action names (bnc#668817)

4 build errors
Patchinfo missing
1 Release Target

Build Results

Refresh

Packages 27

Name	Changed

Places

VUL-0: ruby on rails multiple vulnerabilities

Comments 0

Places