(RHSA-2014:0877) Moderate: ror40-rubygem-activerecord security update

Ruby on Rails is a model-view-controller (MVC) framework for web
application development. Active Record implements object-relational mapping
for accessing database entries using objects.

It was discovered that Active Record did not properly quote values of the
range type attributes when using the PostgreSQL database adapter. A remote
attacker could possibly use this flaw to conduct an SQL injection attack
against applications using Active Record. (CVE-2014-3483)

Red Hat would like to thank the Ruby on Rails project for reporting this
issue. Upstream acknowledges Sean Griffin of thoughtbot as the original
reporter.

All ror40-rubygem-activerecord users are advised to upgrade to these
updated packages, which contain a backported patch to correct this issue.