OSV record: DSA-2301-1 (Google OSV)
Published: Jan 23, 2012

rails - several


CVSS2: 7.5 High (AV:N/AC:L/Au:N/C:P/I:P/A:P)
  Access Vector: NETWORK
  Access Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: PARTIAL
  Integrity Impact: PARTIAL
  Availability Impact: PARTIAL

EPSS: 0.007 Low (percentile 76.8%)

Several vulnerabilities have been discovered in Rails, the Ruby web
application framework. The Common Vulnerabilities and Exposures project
identifies the following problems:

  • CVE-2009-4214
    A cross-site scripting (XSS) vulnerability had been found in the
    strip_tags function. An attacker may inject non-printable characters
    that certain browsers will then evaluate. This vulnerability only
    affects the oldstable distribution (lenny).
  • CVE-2011-2930
    A SQL injection vulnerability had been found in the quote_table_name
    method that could allow malicious users to inject arbitrary SQL into a
    query.
  • CVE-2011-2931
    A cross-site scripting (XSS) vulnerability had been found in the
    strip_tags helper. A parsing error can be exploited by an attacker,
    who can confuse the parser and may inject HTML tags into the output
    document.
  • CVE-2011-3186
    A newline (CRLF) injection vulnerability had been found in
    response.rb. This vulnerability allows an attacker to inject arbitrary
    HTTP headers and conduct HTTP response splitting attacks via the
    Content-Type header.
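
As an added illustration of the last item (CVE-2011-3186), and not code from the advisory, from Debian's patch or from Rails' response.rb: a strict header check in Ruby that refuses CR, LF and other control characters before a value such as Content-Type is written into the response, which is the property the vulnerable code lacked. The function names and the sample values are assumptions constructed for this example.

```ruby
# Added example for CVE-2011-3186 (CRLF injection via the Content-Type
# header). Illustrative code only: not Rails' response.rb or the Debian fix.
# Function names are hypothetical; sample values below are constructed.

# RFC 7230 "token" characters, the only ones allowed in a header *name*.
HEADER_NAME_RE = /\A[!\#$%&'*+\-.^_`|~0-9A-Za-z]+\z/

# A header *value* may contain printable characters and horizontal tab, but
# never CR, LF, NUL or another control character: a CR/LF pair terminates
# the header line, which is exactly what response splitting relies on.
HEADER_VALUE_BAD_RE = /[\x00-\x08\x0A-\x1F\x7F]/

def safe_header_name?(name)
  name.is_a?(String) && HEADER_NAME_RE.match?(name)
end

def safe_header_value?(value)
  value.is_a?(String) && !HEADER_VALUE_BAD_RE.match?(value)
end

# Builds one "Name: value" line, refusing anything that could introduce a
# second header. Rejecting beats stripping CR/LF: stripping silently turns a
# tampered value into a different, unexpected but "valid" one.
def header_line(name, value)
  raise ArgumentError, "invalid header name: #{name.inspect}" unless safe_header_name?(name)
  raise ArgumentError, "invalid header value: #{value.inspect}" unless safe_header_value?(value)
  "#{name}: #{value}\r\n"
end

# Maps each candidate value to whether it would be accepted; useful when
# reviewing values taken from request logs or a test corpus.
def classify_samples(samples)
  samples.map { |v| [v, safe_header_value?(v)] }.to_h
end

if __FILE__ == $0
  samples = [
    "text/html; charset=utf-8",    # ordinary value, accepted
    "text/plain\tformat=flowed",   # horizontal tab is permitted
    "text/html\r\nX-Injected: 1",  # CRLF would start a second header
    "text/html\nX-Injected: 1",    # a bare LF is enough for some servers
    "text/html\x00",               # NUL, also rejected
  ]
  classify_samples(samples).each { |v, ok| puts "#{ok ? 'ok ' : 'BAD'} #{v.inspect}" }
end
```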

For the oldstable distribution (lenny), this problem has been fixed in
version 2.1.0-7+lenny2.

For the stable distribution (squeeze), this problem has been fixed in
version 2.3.5-1.2+squeeze2.

For the unstable distribution (sid), this problem has been fixed in
version 2.3.14.

We recommend that you upgrade your rails packages.
