Overview Details

File _patchinfo of Package patchinfo

<patchinfo incident="1299">
  <packager>darix</packager>
  <category>security</category>
  <rating>important</rating>
  <summary>ruby on rails security update to 2.3.16</summary>
<description>
This update updates the RubyOnRails 2.3 stack to 2.3.16, also
this update updates the RubyOnRails 3.2 stack to 3.2.11.

Security and bugfixes were done, foremost:
CVE-2013-0333: A JSON sql/code injection problem was fixed.
CVE-2012-5664: A SQL Injection Vulnerability in Active Record was fixed.
CVE-2012-2695: A SQL injection via nested hashes in conditions was fixed.
CVE-2013-0155: Unsafe Query Generation Risk in Ruby on Rails was fixed.
CVE-2013-0156: Multiple vulnerabilities in parameter parsing in Action Pack were fixed.
</description>
<issue tracker="bnc" id="766792"/>
<issue tracker="bnc" id="775649"/>
<issue tracker="bnc" id="775653"/>
<issue tracker="bnc" id="796712"/>
<issue tracker="bnc" id="797449"/>
<issue tracker="bnc" id="797452"/>
<issue tracker="bnc" id="798452"/>
<issue tracker="bnc" id="798458"/>
<issue tracker="bnc" id="800320"/>
<issue tracker="cve" id="CVE-2012-2695"/>
<issue tracker="cve" id="CVE-2012-5664"/>
<issue tracker="cve" id="CVE-2013-0155"/>
<issue tracker="cve" id="CVE-2013-0156"/>
<issue tracker="cve" id="CVE-2013-0333"/>
</patchinfo>
openSUSE Build Service is sponsored by
Places