- Update rails and friends to 3.2.8

- Document security issue in 3.2.7 [1]

Submitted by:	bdrewery [1]
Reviewed by:	swills [1]
Security:	31db9a18-e289-11e1-a57d-080027a27dbf
This commit is contained in:
Steve Wills 2012-08-10 02:50:53 +00:00
parent b4a6cb421f
commit b73b27a91a
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=302373
17 changed files with 69 additions and 24 deletions

View file

@ -5,7 +5,7 @@
# $FreeBSD$
PORTNAME= activemodel
PORTVERSION= 3.2.7
PORTVERSION= 3.2.8
CATEGORIES= databases rubygems
MASTER_SITES= RG

View file

@ -1,2 +1,2 @@
SHA256 (rubygem/activemodel-3.2.7.gem) = 3f26d0a483707fd1afa51d3d223edb4dc3a58f64b17967c5fdd3438a9878eabb
SIZE (rubygem/activemodel-3.2.7.gem) = 45056
SHA256 (rubygem/activemodel-3.2.8.gem) = 1b923af58a49050026148d3707d2f291f251e3788594e0f666e60d9052a4a527
SIZE (rubygem/activemodel-3.2.8.gem) = 45056

View file

@ -5,7 +5,7 @@
# $FreeBSD$
PORTNAME= activerecord
PORTVERSION= 3.2.7
PORTVERSION= 3.2.8
CATEGORIES= databases rubygems
MASTER_SITES= RG

View file

@ -1,2 +1,2 @@
SHA256 (rubygem/activerecord-3.2.7.gem) = ac88108e26250dfb47174c1236d2b53d180c95a67893d07d8bd0a1b43860447a
SIZE (rubygem/activerecord-3.2.7.gem) = 389632
SHA256 (rubygem/activerecord-3.2.8.gem) = 5cf7c68f8921708c84df3035c4274b6cc2a25510b52ef5a4037581fdeff30deb
SIZE (rubygem/activerecord-3.2.8.gem) = 390144

View file

@ -5,7 +5,7 @@
# $FreeBSD$
PORTNAME= activesupport
PORTVERSION= 3.2.7
PORTVERSION= 3.2.8
CATEGORIES= devel rubygems
MASTER_SITES= RG

View file

@ -1,2 +1,2 @@
SHA256 (rubygem/activesupport-3.2.7.gem) = 57ead42bd8d4405d2f180436a47059f13f586f7034a25d03614735d151f7ad67
SIZE (rubygem/activesupport-3.2.7.gem) = 314880
SHA256 (rubygem/activesupport-3.2.8.gem) = 708b2067c4a50a1118fcae61e008741fcd37d0d9faadab433f8760ee67524aef
SIZE (rubygem/activesupport-3.2.8.gem) = 314880

View file

@ -5,7 +5,7 @@
# $FreeBSD$
PORTNAME= actionmailer
PORTVERSION= 3.2.7
PORTVERSION= 3.2.8
CATEGORIES= mail rubygems
MASTER_SITES= RG

View file

@ -1,2 +1,2 @@
SHA256 (rubygem/actionmailer-3.2.7.gem) = 215ac28cd776d5829fefd0a6309957aac90a7b2d2b2ea0ba13ab28eb599f5380
SIZE (rubygem/actionmailer-3.2.7.gem) = 27136
SHA256 (rubygem/actionmailer-3.2.8.gem) = e11fc08905b7f65137db2b1d97fe75d1920e516e442b1b32ffa863293b85bf51
SIZE (rubygem/actionmailer-3.2.8.gem) = 27136

View file

@ -52,6 +52,51 @@ Note: Please add new entries to the beginning of this file.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
<vuln vid="31db9a18-e289-11e1-a57d-080027a27dbf">
<topic>rubygem-rails -- multiple vulnerabilities</topic>
<affects>
<package>
<name>rubygem-rails</name>
<range><lt>3.2.8</lt></range>
</package>
<package>
<name>rubygem-actionpack</name>
<range><lt>3.2.8</lt></range>
</package>
<package>
<name>rubygem-activesupport</name>
<range><lt>3.2.8</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Rails core team reports:</p>
<blockquote cite="http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/">
<p>This version contains three important security fixes, please upgrade immediately.</p>
<p>One of security fixes impacts all users and is related to HTML escaping code. The
other two fixes impacts people using select_tag's prompt option and strip_tags
helper from ActionPack.</p>
<p>CVE-2012-3463 Potential XSS Vulnerability in select_tag prompt.</p>
<p>CVE-2012-3464 Potential XSS Vulnerability in the HTML escaping code.</p>
<p>CVE-2012-3465 XSS Vulnerability in strip_tags.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2012-3463</cvename>
<cvename>CVE-2012-3464</cvename>
<cvename>CVE-2012-3465</cvename>
<url>https://groups.google.com/d/msg/rubyonrails-security/fV3QUToSMSw/eHBSFOUYHpYJ</url>
<url>https://groups.google.com/d/msg/rubyonrails-security/kKGNeMrnmiY/r2yM7xy-G48J</url>
<url>https://groups.google.com/d/msg/rubyonrails-security/FgVEtBajcTY/tYLS1JJTu38J</url>
<url>http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/</url>
</references>
<dates>
<discovery>2012-08-08</discovery>
<entry>2012-08-10</entry>
</dates>
</vuln>
<vuln vid="8675efd5-e22c-11e1-a808-002354ed89bc">
<topic>sudosh -- buffer overflow</topic>
<affects>

View file

@ -5,7 +5,7 @@
# $FreeBSD$
PORTNAME= actionpack
PORTVERSION= 3.2.7
PORTVERSION= 3.2.8
CATEGORIES= www rubygems
MASTER_SITES= RG

View file

@ -1,2 +1,2 @@
SHA256 (rubygem/actionpack-3.2.7.gem) = 1b56a3c9daddf4c0dfda66ac7482c6e2f80c95a0c1d36045f60a6b19f08f148f
SIZE (rubygem/actionpack-3.2.7.gem) = 379392
SHA256 (rubygem/actionpack-3.2.8.gem) = e21eef12e2aaf5df30bab49ab1efbddb992781411a0e6f0ac67fc697901e08fd
SIZE (rubygem/actionpack-3.2.8.gem) = 379392

View file

@ -5,7 +5,7 @@
# $FreeBSD$
PORTNAME= activeresource
PORTVERSION= 3.2.7
PORTVERSION= 3.2.8
CATEGORIES= www rubygems
MASTER_SITES= RG

View file

@ -1,2 +1,2 @@
SHA256 (rubygem/activeresource-3.2.7.gem) = 1c3e60e79abf585677c96e552b49741484dfc3f6e39ef1e0a9ef5bcdf7456cac
SIZE (rubygem/activeresource-3.2.7.gem) = 36864
SHA256 (rubygem/activeresource-3.2.8.gem) = c2a056f792864190c03d5fa5e0dec2d7926d4f0c5c6331084031de592ccf435a
SIZE (rubygem/activeresource-3.2.8.gem) = 36864

View file

@ -5,7 +5,7 @@
# $FreeBSD$
PORTNAME= rails
PORTVERSION= 3.2.7
PORTVERSION= 3.2.8
CATEGORIES= www rubygems
MASTER_SITES= RG

View file

@ -1,2 +1,2 @@
SHA256 (rubygem/rails-3.2.7.gem) = 8aad4faaabd497b3c4f07a02b9720e3111c7fa0967cf7d4d7a9c18b88d13997f
SIZE (rubygem/rails-3.2.7.gem) = 3584
SHA256 (rubygem/rails-3.2.8.gem) = f671d492f91e52e203c99cd989682df89993abaca8b4861732afe1413ead7fcc
SIZE (rubygem/rails-3.2.8.gem) = 3584

View file

@ -5,7 +5,7 @@
# $FreeBSD$
PORTNAME= railties
PORTVERSION= 3.2.7
PORTVERSION= 3.2.8
CATEGORIES= www rubygems
MASTER_SITES= RG

View file

@ -1,2 +1,2 @@
SHA256 (rubygem/railties-3.2.7.gem) = 260544fa15fc05f48feab4b753be30216c954e6b81a00719d7aaae8d0887acc0
SIZE (rubygem/railties-3.2.7.gem) = 1629696
SHA256 (rubygem/railties-3.2.8.gem) = a4d3d7cea3490bf352f51cc6897e4ea62c9ee12a75671cfff55cc6f3450a5bff
SIZE (rubygem/railties-3.2.8.gem) = 1630208