File _patchinfo of Package patchinfo.import5440

<patchinfo incident="rubygem-actionmailer" version="5440">
  <issue tracker="bnc" id="712062" />
  <issue tracker="bnc" id="712057" />
  <issue tracker="bnc" id="712058" />
  <issue tracker="bnc" id="668817" />
  <issue tracker="CVE" id="CVE-2011-2930" />
  <issue tracker="CVE" id="CVE-2011-2931" />
  <issue tracker="CVE" id="CVE-2011-3186" />
  <issue tracker="CVE" id="CVE-2010-3933" />
  <issue tracker="CVE" id="CVE-2011-0446" />
  <issue tracker="CVE" id="CVE-2011-0447" />
  <issue tracker="CVE" id="CVE-2011-0448" />
  <issue tracker="CVE" id="CVE-2011-0449" />
  <category>security</category>
  <rating>low</rating>
  <summary>VUL-0: ruby on rails multiple vulnerabilities</summary>
  <description>This update of rails fixes the following security issues:

CVE-2011-2930 - SQL-injection in the quote_table_name function
  via specially crafted column names (bnc#712062)
CVE-2011-2931 - Cross-Site Scripting (XSS) in the
  strip_tags helper (bnc#712057)
CVE-2011-3186 - Response Splitting (bnc#712058)
CVE-2010-3933 - Arbitrary modification of records via
  specially crafted form parameters (bnc#712058)
CVE-2011-0446 - Cross-Site Scripting (XSS) in the
  mail_to helper (bnc#668817)
CVE-2011-0447 - Improper validation of the 'X-Requested-With'
  header (bnc#668817)
CVE-2011-0448 - SQL-injection caused by improperly sanitized
  arguments to the limit function (bnc#668817)
CVE-2011-0449 - Bypass of access restrictions via
  specially crafted action names (bnc#668817)
</description>
  <packager>adrianSuSE</packager>
</patchinfo>