Bug 462302 - CVE-2008-4094 Security: rubygem-rails 2.1.1 is available, please update
Status: CLOSED NEXTRELEASE
Product: Fedora
Classification: Fedora
Component: rubygem-rails
Version: rawhide
Hardware: All Linux
Priority: medium Severity: medium
Assigned To: David Lutterkort
QA Contact: Fedora Extras Quality Assurance
Reported: 2008-09-15 04:54 EDT by Robert Scheck
Modified: 2013-04-30 19:40 EDT
Doc Type: Bug Fix
Last Closed: 2008-09-28 14:38:19 EDT
Description Robert Scheck 2008-09-15 04:54:42 EDT
Description of problem:
rubygem-rails 2.1.1 is available and fixes a security issue, please update
on all active branches; especially the EPEL ones. And for me it seems to work 
everywhere.

Version-Release number of selected component (if applicable):
rubygem-rails-2.1.0-1

Expected results:
rubygem-rails-2.1.1-1 or newer on all active branches.

Additional info:
http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1
http://rails.lighthouseapp.com/projects/8994/tickets/964-fix-for-sql-injection-on-limit-and-offset-should-be-backported
http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter/
Comment 1 Jan Lieskovsky 2008-09-15 06:40:56 EDT
Other references:

http://rails.lighthouseapp.com/projects/8994/tickets/288

Proposed patch:

http://rails.lighthouseapp.com/attachments/25290/0001-adding-sql-injection-fixes-for-limit-and-offset.patch

This issue affects all versions of rubygem-rails package, as shipped
within Fedora releases of 8, 9 and 10 and within the Extra Packages
for Enterprise Linux (EPEL) project.
Comment 2 Fedora Update System 2008-09-16 17:54:05 EDT
rubygem-activesupport-2.1.1-1.fc9,rubygem-activerecord-2.1.1-1.fc9,rubygem-actionpack-2.1.1-1.fc9,rubygem-actionmailer-2.1.1-1.fc9,rubygem-activeresource-2.1.1-1.fc9,rubygem-rails-2.1.1-1.fc9 has been submitted as an update for Fedora 9.
http://admin.fedoraproject.org/updates/rubygem-activesupport-2.1.1-1.fc9,rubygem-activerecord-2.1.1-1.fc9,rubygem-actionpack-2.1.1-1.fc9,rubygem-actionmailer-2.1.1-1.fc9,rubygem-activeresource-2.1.1-1.fc9,rubygem-rails-2.1.1-1.fc9
Comment 3 Fedora Update System 2008-09-16 19:36:31 EDT
rubygems-1.2.0-2.fc8,rubygem-activesupport-2.1.1-1.fc8,rubygem-activerecord-2.1.1-1.fc8,rubygem-actionpack-2.1.1-1.fc8,rubygem-actionmailer-2.1.1-1.fc8,rubygem-activeresource-2.1.1-1.fc8,rubygem-rails-2.1.1-2.fc8 has been submitted as an update for Fedora 8.
http://admin.fedoraproject.org/updates/rubygems-1.2.0-2.fc8,rubygem-activesupport-2.1.1-1.fc8,rubygem-activerecord-2.1.1-1.fc8,rubygem-actionpack-2.1.1-1.fc8,rubygem-actionmailer-2.1.1-1.fc8,rubygem-activeresource-2.1.1-1.fc8,rubygem-rails-2.1.1-2.fc8
Comment 4 Fedora Update System 2008-09-24 20:16:27 EDT
rubygems-1.2.0-2.fc8, rubygem-activesupport-2.1.1-1.fc8, rubygem-activerecord-2.1.1-1.fc8, rubygem-actionpack-2.1.1-1.fc8, rubygem-actionmailer-2.1.1-1.fc8, rubygem-activeresource-2.1.1-1.fc8, rubygem-rails-2.1.1-2.fc8 has been pushed to the Fedora 8 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update rubygems rubygem-activesupport rubygem-activerecord rubygem-actionpack rubygem-actionmailer rubygem-activeresource rubygem-rails'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F8/FEDORA-2008-8282
Comment 5 Fedora Update System 2008-09-24 20:22:25 EDT
rubygem-activesupport-2.1.1-1.fc9, rubygem-activerecord-2.1.1-1.fc9, rubygem-actionpack-2.1.1-1.fc9, rubygem-actionmailer-2.1.1-1.fc9, rubygem-activeresource-2.1.1-1.fc9, rubygems-1.2.0-2.fc9, rubygem-rails-2.1.1-2.fc9 has been pushed to the Fedora 9 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update rubygem-activesupport rubygem-activerecord rubygem-actionpack rubygem-actionmailer rubygem-activeresource rubygems rubygem-rails'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F9/FEDORA-2008-8322
Comment 6 Fedora Update System 2008-09-28 14:38:03 EDT
rubygem-activesupport-2.1.1-1.fc9, rubygem-activerecord-2.1.1-1.fc9, rubygem-actionpack-2.1.1-1.fc9, rubygem-actionmailer-2.1.1-1.fc9, rubygem-activeresource-2.1.1-1.fc9, rubygems-1.2.0-2.fc9, rubygem-rails-2.1.1-2.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 7 Fedora Update System 2008-10-15 22:01:50 EDT
rubygems-1.2.0-2.fc8, rubygem-activesupport-2.1.1-1.fc8, rubygem-activerecord-2.1.1-1.fc8, rubygem-actionpack-2.1.1-1.fc8, rubygem-actionmailer-2.1.1-1.fc8, rubygem-activeresource-2.1.1-1.fc8, rubygem-rails-2.1.1-2.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.
