File _patchinfo of Package patchinfo

<patchinfo incident="rubygem-rails">
  <packager>lijews</packager>
  <issue tracker="bnc" id="798452">VUL-0: 3 DoS conditions in Rack</issue>
  <issue tracker="bnc" id="797452">VUL-0: ruby: Multiple vulnerabilities in parameter parsing in Action Pack (CVE-2013-0156)</issue>
  <issue tracker="bnc" id="797449">VUL-0: ruby: Unsafe Query Generation Risk in Ruby on Rails (CVE-2013-0155)</issue>
  <issue tracker="bnc" id="796712">VUL-0: CVE-2012-5664: rubygem-activerecord: SQL Injection Vulnerability in Active Record</issue>
  <issue tracker="cve" id="CVE-2013-0333"></issue>
  <issue tracker="cve" id="CVE-2013-0156"></issue>
  <issue tracker="cve" id="CVE-2013-0155"></issue>
  <issue tracker="cve" id="CVE-2012-5664"></issue>
  <issue tracker="cve" id="CVE-2012-2695"></issue>
  <issue tracker="bnc" id="798458">VUL-1: CVE-2013-0179: memcached: DoS when printing out keys to be deleted in  verbose mode</issue>
  <issue tracker="bnc" id="800320">VUL-0: CVE-2013-0333: rails: Vulnerability in JSON Parser in Ruby on Rails 3.0 and 2.3</issue>
  <issue tracker="bnc" id="775653">VUL-0: CVE-2012-3464: rubygem-rails: XSS flaws when validating single quote characters</issue>
  <issue tracker="bnc" id="775649">VUL-0: CVE-2012-3465: rubygem-rails: strip_tags helper incorrenctly handels malformed HTML resulting in XSS flaw</issue>
  <issue tracker="bnc" id="766792">VUL-0: rubygem-activerecord: SQL Injection (CVE-2012-2695)</issue>
  <category>security</category>
  <rating>important</rating>
  <summary>ruby on rails security update to 2.3.16</summary>
  <description>This update updates the RubyOnRails 2.3 stack to 2.3.16.

Security and bugfixes were done, foremost:
CVE-2013-0333: A JSON sql/code injection problem was fixed.
CVE-2012-5664: A SQL Injection Vulnerability in Active Record was fixed.
CVE-2012-2695: A SQL injection via nested hashes in conditions was fixed.
CVE-2013-0155: Unsafe Query Generation Risk in Ruby on Rails was fixed.
CVE-2013-0156: Multiple vulnerabilities in parameter parsing in Action Pack were fixed.
CVE-2012-5664: options hashes should only be extracted if there are extra parameters
CVE-2012-2695: Fix SQL injection via nested hashes in conditions
CVE-2013-0156: Hash.from_xml raises when it encounters type="symbol" or type="yaml". Use Hash.from_trusted_xml to parse this XM
</description>
</patchinfo>
openSUSE Build Service is sponsored by