1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 2982-1] ruby-activerecord-3.2 security update

    From Moritz Muehlenhoff@1:229/2 to All on Sat Jul 19 12:20:01 2014
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-2982-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff
    July 19, 2014 http://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : ruby-activerecord-3.2
    CVE ID : CVE-2014-3482 CVE-2014-3483

    Sean Griffin discovered two vulnerabilities in the PostgreSQL adapter
    for Active Record which could lead to SQL injection.

    For the stable distribution (wheezy), these problems have been fixed in
    version 3.2.6-5+deb7u1. Debian provides two variants of "Ruby on Rails"
    in Wheezy (2.3 and 3.2). Support for the 2.3 variants had to be ceased
    at this point. This affects the following source packages: ruby-actionmailer-2.3, ruby-actionpack-2.3 ruby-activerecord-2.3, ruby-activeresource-2.3, ruby-activesupport-2.3 and ruby-rails-2.3. The
    version of Redmine in Wheezy still requires 2.3, you can use an updated
    version from backports.debian.org which is compatible with rails 3.2.

    For the unstable distribution (sid), these problems have been fixed in
    version 3.2.19-1 of the rails-3.2 source package.

    We recommend that you upgrade your ruby-activerecord-3.2 packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: http://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1

    iQIcBAEBAgAGBQJTykOCAAoJEBDCk7bDfE4212QP/02xh9SxMXSQ+K/UGeCNrcEk ndZUWOwHsNmEzd7lauAfD8RiBTVSaHULS46LElcjlIhsEm3c28G7E+iyiRXbHzn/ HHVmwCuiqctXH2gcz0xct/uzUHCBG0OD6Q+EjERHo9SNirUtftjZUCekP6C8Qx3H +fuvsGrvFupU1Ckio+zSTzgodBY807JIbTbX3VR3h0o2ckYFveIOvLtR7+c+a0QF zR60hgoHQTFuwF7oaCJPb9+KMnFki0SyyOtEDbWpCoQ3mwmlvepQfYIc+jI8bEni S7d/XWqzfqSrhRSfNkFnNLEOMRFZPhrA82G9RPQJ2/h2qh8GH6tUYZh3nL96BX03 kc+y96QZvSVYGIM8AYirZu2n5vGdaY9/kUtwIU3xUfPPtQ2mbvalYSIqy1gpAVbw HCKBI5UW8L/AJBSCnWVVLWIxaepLN6ldf/8f27Q3wwJ3OQDPSgohji0QeZik2Uro APMR1Bmi21r4MmbcoBk4Xq1KeHnqXzrdUOZvqxTKT+8LMXTDGZNRFo8WWYNHS/DN y98ud8YyhtdAQMlO5hCHycTdRhvrW6Bjf7j/CCKBmOy/Ni0Y3FT/wIB/OMnMO+zj XS1BDSDUdwIcuJ/+vjm4Gi37ByIe3QsRa2IASJs6Y0NaVk6guu2iuB8lWcA+OxOp rhl2V1RLej6qxzaZGgGw
    =1eAA
    -----END PGP SIGNATURE-----


    --
    To UNSUBSCRIBE, email to [email protected]
    with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)