File _patchinfo of Package patchinfo.75

<patchinfo incident="75">
  <packager>lijews</packager>
  <issue tracker="cve" id="CVE-2013-0183"></issue>
  <issue tracker="cve" id="CVE-2013-0263"></issue>
  <issue tracker="cve" id="CVE-2013-0262"></issue>
  <issue tracker="cve" id="CVE-2013-0277"></issue>
  <issue tracker="cve" id="CVE-2013-0184"></issue>
  <issue tracker="cve" id="CVE-2013-0276"></issue>
  <issue tracker="bnc" id="803336">VUL-0: CVE-2013-0276: rubygem-activerecord*: Circumvention of attr_protected</issue>
  <issue tracker="bnc" id="798452">VUL-0: rubygem-rack*: 3 DoS conditions in Rack</issue>
  <issue tracker="bnc" id="803339">VUL-0: CVE-2013-0277: rubygem-activerecord-2_3: Serialized Attributes YAML Vulnerability with Rails 2.3 and 3.0</issue>
  <category>security</category>
  <rating>moderate</rating>
  <summary>RubyOnRails: security version update to 2.3.17</summary>
  <description>The Ruby on Rails 2.3 stack was updated to 2.3.17.

  The Ruby Rack was updated to 1.1.6.

  The updates fix various security issues and bugs.

- update to version 2.3.17 (bnc#803336, bnc#803339)
  CVE-2013-0276 CVE-2013-0277:
  - Fix issue with attr_protected where malformed input could
    circumvent protection
  - Fix Serialized Attributes YAML Vulnerability

- update to 1.1.6 (bnc#802794)
  * Fix CVE-2013-0263, timing attack against Rack::Session::Cookie

</description>
</patchinfo>