
Nathan Cutler

smithfarm
ADMIN

What happens when an unstoppable force meets an immovable object?


This update of rails fixes the following security issues:

CVE-2011-2930 - SQL injection in the quote_table_name function via specially crafted column names (bnc#712062)
CVE-2011-2931 - Cross-Site Scripting (XSS) in the strip_tags helper (bnc#712057)
CVE-2011-3186 - Response Splitting (bnc#712058)
CVE-2010-3933 - Arbitrary modification of records via specially crafted form parameters (bnc#712058)
CVE-2011-0446 - Cross-Site Scripting (XSS) in the mail_to helper (bnc#668817)
CVE-2011-0447 - Improper validation of 'X-Requested-With' header (bnc#668817)
CVE-2011-0448 - SQL injection caused by improperly sanitized arguments to the limit function (bnc#668817)
CVE-2011-0449 - Bypass of access restrictions via specially crafted action names (bnc#668817)
