Back to bug 1114427
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Murray McAllister | 2014-06-30 04:57:07 UTC | CC | security-response-team | |
| Red Hat Bugzilla | 2014-06-30 04:57:07 UTC | Doc Type | --- | Bug Fix |
| Murray McAllister | 2014-06-30 05:04:05 UTC | Blocks | 1114429 | |
| Tomas Hoger | 2014-07-01 08:56:34 UTC | CC | jrusnack | |
| Tomas Hoger | 2014-07-02 08:33:04 UTC | Depends On | 1115335 | |
| Tomas Hoger | 2014-07-02 08:33:15 UTC | Depends On | 1115336 | |
| Kurt Seifried | 2014-07-02 17:37:19 UTC | Whiteboard | impact=moderate,public=no,reported=20140630,source=distros,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,fedora-19/rubygem-activerecord=notaffected,fedora-20/rubygem-activerecord=affected,epel-5/rubygem-activerecord=notaffected,sam-1/ruby193-rubygem-activerecord=notaffected,cfme-5/ruby193-rubygem-activerecord=notaffected,rhscl-1/ror40-rubygem-activerecord=affected,rhscl-1/ruby193-rubygem-activerecord=notaffected,openstack-3/ruby193-rubygem-activerecord=notaffected,openstack-4/ruby193-rubygem-activerecord=notaffected,openshift-enterprise-1/ruby193-rubygem-activerecord=notaffected,openshift-1/ruby193-rubygem-activerecord=notaffected | impact=moderate,public=20140702,reported=20140630,source=distros,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,fedora-19/rubygem-activerecord=notaffected,fedora-20/rubygem-activerecord=affected,epel-5/rubygem-activerecord=notaffected,sam-1/ruby193-rubygem-activerecord=notaffected,cfme-5/ruby193-rubygem-activerecord=notaffected,rhscl-1/ror40-rubygem-activerecord=affected,rhscl-1/ruby193-rubygem-activerecord=notaffected,openstack-3/ruby193-rubygem-activerecord=notaffected,openstack-4/ruby193-rubygem-activerecord=notaffected,openshift-enterprise-1/ruby193-rubygem-activerecord=notaffected,openshift-1/ruby193-rubygem-activerecord=notaffected |
| Kurt Seifried | 2014-07-02 17:39:17 UTC | Summary | EMBARGOED CVE-2014-3483 rubygem-activerecord: SQL injection vulnerability in 'range' quoting | CVE-2014-3483 rubygem-activerecord: SQL injection vulnerability in 'range' quoting |
| Kurt Seifried | 2014-07-02 17:39:19 UTC | Group | security, qe_staff | |
| Murray McAllister | 2014-07-03 05:57:41 UTC | Attachment #913248 Attachment is obsolete | 0 | 1 |
| Murray McAllister | 2014-07-03 05:58:27 UTC | Attachment #913249 Attachment is obsolete | 0 | 1 |
| Murray McAllister | 2014-07-03 06:09:26 UTC | Depends On | 1115777 | |
| Tomas Hoger | 2014-07-03 07:00:15 UTC | Fixed In Version | rubygem-activerecord 4.0.7, rubygem-activerecord 4.1.3. | |
| Martin Prpič | 2014-07-14 09:26:17 UTC | Doc Text | It was discovered that Active Record did not properly quote values of the range type attributes when using the PostgreSQL database adapter. A remote attacker could possibly use this flaw to conduct an SQL injection attack against applications using Active Record. | |
| Ján Rusnačko | 2014-10-20 11:59:53 UTC | Whiteboard | impact=moderate,public=20140702,reported=20140630,source=distros,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,fedora-19/rubygem-activerecord=notaffected,fedora-20/rubygem-activerecord=affected,epel-5/rubygem-activerecord=notaffected,sam-1/ruby193-rubygem-activerecord=notaffected,cfme-5/ruby193-rubygem-activerecord=notaffected,rhscl-1/ror40-rubygem-activerecord=affected,rhscl-1/ruby193-rubygem-activerecord=notaffected,openstack-3/ruby193-rubygem-activerecord=notaffected,openstack-4/ruby193-rubygem-activerecord=notaffected,openshift-enterprise-1/ruby193-rubygem-activerecord=notaffected,openshift-1/ruby193-rubygem-activerecord=notaffected | impact=moderate,public=20140702,reported=20140630,source=distros,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,fedora-19/rubygem-activerecord=notaffected,fedora-20/rubygem-activerecord=affected,epel-5/rubygem-activerecord=notaffected,sam-1/ruby193-rubygem-activerecord=notaffected,cfme-5/ruby193-rubygem-activerecord=notaffected,rhscl-1/ror40-rubygem-activerecord=affected,rhscl-1/ruby193-rubygem-activerecord=notaffected,openstack-3/ruby193-rubygem-activerecord=notaffected,openstack-4/ruby193-rubygem-activerecord=notaffected,openshift-enterprise-1/ruby193-rubygem-activerecord=notaffected,openshift-1/ruby193-rubygem-activerecord=notaffected,cwe=CWE-89 |
| John Skeoch | 2015-01-04 22:47:22 UTC | CC | vdanen | |
| Vincent Danen | 2015-01-05 16:59:33 UTC | CC | vdanen | |
| Product Security DevOps Team | 2019-09-29 13:19:27 UTC | Whiteboard | impact=moderate,public=20140702,reported=20140630,source=distros,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,fedora-19/rubygem-activerecord=notaffected,fedora-20/rubygem-activerecord=affected,epel-5/rubygem-activerecord=notaffected,sam-1/ruby193-rubygem-activerecord=notaffected,cfme-5/ruby193-rubygem-activerecord=notaffected,rhscl-1/ror40-rubygem-activerecord=affected,rhscl-1/ruby193-rubygem-activerecord=notaffected,openstack-3/ruby193-rubygem-activerecord=notaffected,openstack-4/ruby193-rubygem-activerecord=notaffected,openshift-enterprise-1/ruby193-rubygem-activerecord=notaffected,openshift-1/ruby193-rubygem-activerecord=notaffected,cwe=CWE-89 | |
| Ján Rusnačko | 2020-03-04 11:35:31 UTC | CC | jrusnack | |
| Joshua Padman | 2021-10-20 10:45:28 UTC | Resolution | --- | ERRATA |
| Status | NEW | CLOSED | ||
| Last Closed | 2021-10-20 10:45:28 UTC |
Back to bug 1114427