FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

rubygem-rails -- multiple vulnerabilities

Affected packages
rubygem-rails < 3.2.13
rubygem-actionpack < 3.2.13
rubygem-activerecord < 3.2.13
rubygem-activesupport < 3.2.13
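A practical way to act on the affected-package list above is to scan a project's Gemfile.lock for the four gems and flag any pinned below 3.2.13. The script below is an added example (not part of this VuXML entry or the Rails project); it assumes the standard Gemfile.lock layout in which pinned gems sit under "specs:" at four spaces of indentation and their dependencies deeper, and it uses Gem::Version so that "3.2.9" and "3.2.13.rc1" compare correctly (a plain string comparison would rank "3.2.9" above "3.2.13"). The lockfile contents are constructed sample data.

```ruby
# Added example: check a Gemfile.lock for the gems this advisory lists as
# affected below 3.2.13. Not code from the VuXML entry or from Rails.
require "rubygems"

# Affected gems and the fixed version, taken from the "Affected packages" list.
FIXED_VERSION = Gem::Version.new("3.2.13")
AFFECTED_GEMS = %w[rails actionpack activerecord activesupport].freeze

# Parse the "specs:" section of a Gemfile.lock. Pinned entries look like
# "    name (version)" at four spaces; dependency lines sit at six spaces and
# carry constraints such as "(= 3.2.9)", so they are skipped by the anchor.
# Returns a Hash of gem name => Gem::Version. (Assumes the standard layout.)
def parse_lockfile(text)
  versions = {}
  text.each_line do |line|
    m = /\A {4}([A-Za-z0-9_.-]+) \(([^)]+)\)\s*\z/.match(line)
    next unless m
    versions[m[1]] = Gem::Version.new(m[2])
  end
  versions
end

# Return only the affected gems whose pinned version is below the fix.
# Gem::Version orders numerically and treats "3.2.13.rc1" as a prerelease
# of 3.2.13, so both cases below are caught.
def vulnerable_gems(versions)
  versions.select { |name, ver| AFFECTED_GEMS.include?(name) && ver < FIXED_VERSION }
end

# Constructed sample lockfile (not from any real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      actionpack (3.2.9)
        activemodel (= 3.2.9)
        activesupport (= 3.2.9)
      activerecord (3.2.13)
      activesupport (3.2.13.rc1)
      rails (3.2.13)
      rake (10.0.4)

  PLATFORMS
    ruby

  DEPENDENCIES
    rails (= 3.2.13)
LOCK

if __FILE__ == $PROGRAM_NAME
  vulnerable_gems(parse_lockfile(SAMPLE_LOCK)).each do |name, ver|
    puts "#{name} #{ver} < #{FIXED_VERSION}: affected"
  end
end
```

Run it against a real project with `ruby check.rb` after replacing SAMPLE_LOCK with `File.read("Gemfile.lock")`; on the sample it reports actionpack 3.2.9 and activesupport 3.2.13.rc1 as affected while rails and activerecord at exactly 3.2.13 pass.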

Details

VuXML ID db0c4b00-a24c-11e2-9601-000d601460a4
Discovery 2013-03-18
Entry 2013-04-10

Ruby on Rails team reports:

Rails version 3.2.13 has been released. This release contains important security fixes. It is recommended users upgrade as soon as possible.

Four vulnerabilities have been discovered and fixed:

  1. (CVE-2013-1854) Symbol DoS vulnerability in Active Record
  2. (CVE-2013-1855) XSS vulnerability in sanitize_css in Action Pack
  3. (CVE-2013-1856) XML Parsing Vulnerability affecting JRuby users
  4. (CVE-2013-1857) XSS Vulnerability in the `sanitize` helper of Ruby on Rails

References

CVE Name CVE-2013-1854
CVE Name CVE-2013-1855
CVE Name CVE-2013-1856
CVE Name CVE-2013-1857
URL http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/
URL https://groups.google.com/forum/#!topic/ruby-security-ann/o0Dsdk2WrQ0
URL https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/4_QHo4BqnN8
URL https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/KZwsQbYsOiI
URL https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/zAAU7vGTPvI