[Bug 280317] [NEW] Please sync rails 2.1.0-4 (universe) from Debian unstable (main).

Kees Cook kees at ubuntu.com
Wed Oct 8 18:55:13 BST 2008


Public bug reported:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 affects ubuntu/rails
 status confirmed
 importance wishlist
 subscribe ubuntu-archive

Please sync rails 2.1.0-4 (universe) from Debian unstable (main).

Changelog since current intrepid version 2.1.0-2:

rails (2.1.0-4) unstable; urgency=low

  * Added a fix for binary data corruption with PostgreSQL backend. This
    occurred whenever the binary data included ASCII value of \ followed
    by three numbers.
  * The fix in ActiveRecord to address SQL injection in :limit and :offset
    was not complete. MySQL backend was still affected as it redefined the
    problematic functions. Pulled in upstream patch.

 -- Adam Majer <adamm at zombino.com>  Tue, 23 Sep 2008 11:33:58 -0500

rails (2.1.0-3) unstable; urgency=high

  * Security fix pulled from upstream for a REXML expansion
    DoS. (CVE-2008-3790)

 -- Adam Majer <adamm at zombino.com>  Tue, 09 Sep 2008 00:00:34 -0500


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Kees Cook <kees at outflux.net>

iEYEARECAAYFAkjs8+EACgkQH/9LqRcGPm0dtQCfZCd9w9WGMu/NrCHGXZvEDaxu
gT4An03hfE5HUfMyteS+2GcqJrAHGcsq
=i6sU
-----END PGP SIGNATURE-----

** Affects: rails (Ubuntu)
     Importance: Wishlist
         Status: Confirmed

-- 
Please sync rails 2.1.0-4 (universe) from Debian unstable (main).
https://bugs.launchpad.net/bugs/280317
You received this bug notification because you are a member of Ubuntu
Package Archive Administrators, which is a direct subscriber.


