- Update rails and friends to 3.2.8
- Document security issue in 3.2.7 [1] Submitted by: bdrewery [1] Reviewed by: swills [1] Security: 31db9a18-e289-11e1-a57d-080027a27dbf
This commit is contained in:
parent
b4a6cb421f
commit
b73b27a91a
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=302373
17 changed files with 69 additions and 24 deletions
|
@ -5,7 +5,7 @@
|
|||
# $FreeBSD$
|
||||
|
||||
PORTNAME= activemodel
|
||||
PORTVERSION= 3.2.7
|
||||
PORTVERSION= 3.2.8
|
||||
CATEGORIES= databases rubygems
|
||||
MASTER_SITES= RG
|
||||
|
||||
|
|
|
@ -1,2 +1,2 @@
|
|||
SHA256 (rubygem/activemodel-3.2.7.gem) = 3f26d0a483707fd1afa51d3d223edb4dc3a58f64b17967c5fdd3438a9878eabb
|
||||
SIZE (rubygem/activemodel-3.2.7.gem) = 45056
|
||||
SHA256 (rubygem/activemodel-3.2.8.gem) = 1b923af58a49050026148d3707d2f291f251e3788594e0f666e60d9052a4a527
|
||||
SIZE (rubygem/activemodel-3.2.8.gem) = 45056
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
# $FreeBSD$
|
||||
|
||||
PORTNAME= activerecord
|
||||
PORTVERSION= 3.2.7
|
||||
PORTVERSION= 3.2.8
|
||||
CATEGORIES= databases rubygems
|
||||
MASTER_SITES= RG
|
||||
|
||||
|
|
|
@ -1,2 +1,2 @@
|
|||
SHA256 (rubygem/activerecord-3.2.7.gem) = ac88108e26250dfb47174c1236d2b53d180c95a67893d07d8bd0a1b43860447a
|
||||
SIZE (rubygem/activerecord-3.2.7.gem) = 389632
|
||||
SHA256 (rubygem/activerecord-3.2.8.gem) = 5cf7c68f8921708c84df3035c4274b6cc2a25510b52ef5a4037581fdeff30deb
|
||||
SIZE (rubygem/activerecord-3.2.8.gem) = 390144
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
# $FreeBSD$
|
||||
|
||||
PORTNAME= activesupport
|
||||
PORTVERSION= 3.2.7
|
||||
PORTVERSION= 3.2.8
|
||||
CATEGORIES= devel rubygems
|
||||
MASTER_SITES= RG
|
||||
|
||||
|
|
|
@ -1,2 +1,2 @@
|
|||
SHA256 (rubygem/activesupport-3.2.7.gem) = 57ead42bd8d4405d2f180436a47059f13f586f7034a25d03614735d151f7ad67
|
||||
SIZE (rubygem/activesupport-3.2.7.gem) = 314880
|
||||
SHA256 (rubygem/activesupport-3.2.8.gem) = 708b2067c4a50a1118fcae61e008741fcd37d0d9faadab433f8760ee67524aef
|
||||
SIZE (rubygem/activesupport-3.2.8.gem) = 314880
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
# $FreeBSD$
|
||||
|
||||
PORTNAME= actionmailer
|
||||
PORTVERSION= 3.2.7
|
||||
PORTVERSION= 3.2.8
|
||||
CATEGORIES= mail rubygems
|
||||
MASTER_SITES= RG
|
||||
|
||||
|
|
|
@ -1,2 +1,2 @@
|
|||
SHA256 (rubygem/actionmailer-3.2.7.gem) = 215ac28cd776d5829fefd0a6309957aac90a7b2d2b2ea0ba13ab28eb599f5380
|
||||
SIZE (rubygem/actionmailer-3.2.7.gem) = 27136
|
||||
SHA256 (rubygem/actionmailer-3.2.8.gem) = e11fc08905b7f65137db2b1d97fe75d1920e516e442b1b32ffa863293b85bf51
|
||||
SIZE (rubygem/actionmailer-3.2.8.gem) = 27136
|
||||
|
|
|
@ -52,6 +52,51 @@ Note: Please add new entries to the beginning of this file.
|
|||
|
||||
-->
|
||||
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
|
||||
<vuln vid="31db9a18-e289-11e1-a57d-080027a27dbf">
|
||||
<topic>rubygem-rails -- multiple vulnerabilities</topic>
|
||||
<affects>
|
||||
<package>
|
||||
<name>rubygem-rails</name>
|
||||
<range><lt>3.2.8</lt></range>
|
||||
</package>
|
||||
<package>
|
||||
<name>rubygem-actionpack</name>
|
||||
<range><lt>3.2.8</lt></range>
|
||||
</package>
|
||||
<package>
|
||||
<name>rubygem-activesupport</name>
|
||||
<range><lt>3.2.8</lt></range>
|
||||
</package>
|
||||
</affects>
|
||||
<description>
|
||||
<body xmlns="http://www.w3.org/1999/xhtml">
|
||||
<p>Rails core team reports:</p>
|
||||
<blockquote cite="http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/">
|
||||
<p>This version contains three important security fixes, please upgrade immediately.</p>
|
||||
<p>One of security fixes impacts all users and is related to HTML escaping code. The
|
||||
other two fixes impacts people using select_tag's prompt option and strip_tags
|
||||
helper from ActionPack.</p>
|
||||
<p>CVE-2012-3463 Potential XSS Vulnerability in select_tag prompt.</p>
|
||||
<p>CVE-2012-3464 Potential XSS Vulnerability in the HTML escaping code.</p>
|
||||
<p>CVE-2012-3465 XSS Vulnerability in strip_tags.</p>
|
||||
</blockquote>
|
||||
</body>
|
||||
</description>
|
||||
<references>
|
||||
<cvename>CVE-2012-3463</cvename>
|
||||
<cvename>CVE-2012-3464</cvename>
|
||||
<cvename>CVE-2012-3465</cvename>
|
||||
<url>https://groups.google.com/d/msg/rubyonrails-security/fV3QUToSMSw/eHBSFOUYHpYJ</url>
|
||||
<url>https://groups.google.com/d/msg/rubyonrails-security/kKGNeMrnmiY/r2yM7xy-G48J</url>
|
||||
<url>https://groups.google.com/d/msg/rubyonrails-security/FgVEtBajcTY/tYLS1JJTu38J</url>
|
||||
<url>http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/</url>
|
||||
</references>
|
||||
<dates>
|
||||
<discovery>2012-08-08</discovery>
|
||||
<entry>2012-08-10</entry>
|
||||
</dates>
|
||||
</vuln>
|
||||
|
||||
<vuln vid="8675efd5-e22c-11e1-a808-002354ed89bc">
|
||||
<topic>sudosh -- buffer overflow</topic>
|
||||
<affects>
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
# $FreeBSD$
|
||||
|
||||
PORTNAME= actionpack
|
||||
PORTVERSION= 3.2.7
|
||||
PORTVERSION= 3.2.8
|
||||
CATEGORIES= www rubygems
|
||||
MASTER_SITES= RG
|
||||
|
||||
|
|
|
@ -1,2 +1,2 @@
|
|||
SHA256 (rubygem/actionpack-3.2.7.gem) = 1b56a3c9daddf4c0dfda66ac7482c6e2f80c95a0c1d36045f60a6b19f08f148f
|
||||
SIZE (rubygem/actionpack-3.2.7.gem) = 379392
|
||||
SHA256 (rubygem/actionpack-3.2.8.gem) = e21eef12e2aaf5df30bab49ab1efbddb992781411a0e6f0ac67fc697901e08fd
|
||||
SIZE (rubygem/actionpack-3.2.8.gem) = 379392
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
# $FreeBSD$
|
||||
|
||||
PORTNAME= activeresource
|
||||
PORTVERSION= 3.2.7
|
||||
PORTVERSION= 3.2.8
|
||||
CATEGORIES= www rubygems
|
||||
MASTER_SITES= RG
|
||||
|
||||
|
|
|
@ -1,2 +1,2 @@
|
|||
SHA256 (rubygem/activeresource-3.2.7.gem) = 1c3e60e79abf585677c96e552b49741484dfc3f6e39ef1e0a9ef5bcdf7456cac
|
||||
SIZE (rubygem/activeresource-3.2.7.gem) = 36864
|
||||
SHA256 (rubygem/activeresource-3.2.8.gem) = c2a056f792864190c03d5fa5e0dec2d7926d4f0c5c6331084031de592ccf435a
|
||||
SIZE (rubygem/activeresource-3.2.8.gem) = 36864
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
# $FreeBSD$
|
||||
|
||||
PORTNAME= rails
|
||||
PORTVERSION= 3.2.7
|
||||
PORTVERSION= 3.2.8
|
||||
CATEGORIES= www rubygems
|
||||
MASTER_SITES= RG
|
||||
|
||||
|
|
|
@ -1,2 +1,2 @@
|
|||
SHA256 (rubygem/rails-3.2.7.gem) = 8aad4faaabd497b3c4f07a02b9720e3111c7fa0967cf7d4d7a9c18b88d13997f
|
||||
SIZE (rubygem/rails-3.2.7.gem) = 3584
|
||||
SHA256 (rubygem/rails-3.2.8.gem) = f671d492f91e52e203c99cd989682df89993abaca8b4861732afe1413ead7fcc
|
||||
SIZE (rubygem/rails-3.2.8.gem) = 3584
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
# $FreeBSD$
|
||||
|
||||
PORTNAME= railties
|
||||
PORTVERSION= 3.2.7
|
||||
PORTVERSION= 3.2.8
|
||||
CATEGORIES= www rubygems
|
||||
MASTER_SITES= RG
|
||||
|
||||
|
|
|
@ -1,2 +1,2 @@
|
|||
SHA256 (rubygem/railties-3.2.7.gem) = 260544fa15fc05f48feab4b753be30216c954e6b81a00719d7aaae8d0887acc0
|
||||
SIZE (rubygem/railties-3.2.7.gem) = 1629696
|
||||
SHA256 (rubygem/railties-3.2.8.gem) = a4d3d7cea3490bf352f51cc6897e4ea62c9ee12a75671cfff55cc6f3450a5bff
|
||||
SIZE (rubygem/railties-3.2.8.gem) = 1630208
|
||||
|
|
Loading…
Reference in a new issue