Bug 462308
Summary: | CVE-2008-4094 Security: rubygem-activesupport 2.1.1 is available, please update | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Robert Scheck <redhat-bugzilla> |
Component: | rubygem-activesupport | Assignee: | David Lutterkort <lutter> |
Status: | CLOSED NEXTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | rawhide | CC: | hbrock, jlieskov, mastahnke, security-response-team, sseago |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2008-09-28 18:38:32 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Robert Scheck
2008-09-15 09:30:14 UTC
Other references: http://rails.lighthouseapp.com/projects/8994/tickets/288 Proposed patch: http://rails.lighthouseapp.com/attachments/25290/0001-adding-sql-injection-fixes-for-limit-and-offset.patch This issue affects all versions of rubygem-activesupport package, as shipped within Fedora releases of 8, 9 and 10 and within the Extra Packages for Enterprise Linux (EPEL) project. rubygem-activesupport-2.1.1-1.fc9,rubygem-activerecord-2.1.1-1.fc9,rubygem-actionpack-2.1.1-1.fc9,rubygem-actionmailer-2.1.1-1.fc9,rubygem-activeresource-2.1.1-1.fc9,rubygem-rails-2.1.1-1.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/rubygem-activesupport-2.1.1-1.fc9,rubygem-activerecord-2.1.1-1.fc9,rubygem-actionpack-2.1.1-1.fc9,rubygem-actionmailer-2.1.1-1.fc9,rubygem-activeresource-2.1.1-1.fc9,rubygem-rails-2.1.1-1.fc9 rubygems-1.2.0-2.fc8,rubygem-activesupport-2.1.1-1.fc8,rubygem-activerecord-2.1.1-1.fc8,rubygem-actionpack-2.1.1-1.fc8,rubygem-actionmailer-2.1.1-1.fc8,rubygem-activeresource-2.1.1-1.fc8,rubygem-rails-2.1.1-2.fc8 has been submitted as an update for Fedora 8. http://admin.fedoraproject.org/updates/rubygems-1.2.0-2.fc8,rubygem-activesupport-2.1.1-1.fc8,rubygem-activerecord-2.1.1-1.fc8,rubygem-actionpack-2.1.1-1.fc8,rubygem-actionmailer-2.1.1-1.fc8,rubygem-activeresource-2.1.1-1.fc8,rubygem-rails-2.1.1-2.fc8 rubygems-1.2.0-2.fc8, rubygem-activesupport-2.1.1-1.fc8, rubygem-activerecord-2.1.1-1.fc8, rubygem-actionpack-2.1.1-1.fc8, rubygem-actionmailer-2.1.1-1.fc8, rubygem-activeresource-2.1.1-1.fc8, rubygem-rails-2.1.1-2.fc8 has been pushed to the Fedora 8 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update rubygems rubygem-activesupport rubygem-activerecord rubygem-actionpack rubygem-actionmailer rubygem-activeresource rubygem-rails'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F8/FEDORA-2008-8282 rubygem-activesupport-2.1.1-1.fc9, rubygem-activerecord-2.1.1-1.fc9, rubygem-actionpack-2.1.1-1.fc9, rubygem-actionmailer-2.1.1-1.fc9, rubygem-activeresource-2.1.1-1.fc9, rubygems-1.2.0-2.fc9, rubygem-rails-2.1.1-2.fc9 has been pushed to the Fedora 9 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update rubygem-activesupport rubygem-activerecord rubygem-actionpack rubygem-actionmailer rubygem-activeresource rubygems rubygem-rails'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F9/FEDORA-2008-8322 rubygem-activesupport-2.1.1-1.fc9, rubygem-activerecord-2.1.1-1.fc9, rubygem-actionpack-2.1.1-1.fc9, rubygem-actionmailer-2.1.1-1.fc9, rubygem-activeresource-2.1.1-1.fc9, rubygems-1.2.0-2.fc9, rubygem-rails-2.1.1-2.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report. rubygems-1.2.0-2.fc8, rubygem-activesupport-2.1.1-1.fc8, rubygem-activerecord-2.1.1-1.fc8, rubygem-actionpack-2.1.1-1.fc8, rubygem-actionmailer-2.1.1-1.fc8, rubygem-activeresource-2.1.1-1.fc8, rubygem-rails-2.1.1-2.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report. |