2168 matches found
[SECURITY] Fedora 20 Update: rubygem-activerecord-4.0.0-4.fc20
Implements the ActiveRecord pattern (Fowler, PoEAA) for ORM. It ties database tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL...
[SECURITY] Fedora 19 Update: rubygem-activerecord-3.2.13-2.fc19
Implements the ActiveRecord pattern (Fowler, PoEAA) for ORM. It ties database tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL...
Fedora Update for rubygem-activerecord FEDORA-2014-8065
The remote host is missing an update for the... SPDX-FileCopyrightText: 2014 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
Fedora Update for rubygem-activerecord FEDORA-2014-8089
The remote host is missing an update for the...
Fedora 20 : rubygem-activerecord-4.0.0-4.fc20 (2014-8065)
Fix for CVE-2014-3483 rubygem-activerecord: SQL injection vulnerability in 'range' quoting and its regression. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as...
Fedora 19 : rubygem-activerecord-3.2.13-2.fc19 (2014-8089)
Fix for CVE-2014-3482: SQL injection vulnerability in 'bitstring' quoting...
CVE-2013-0334 rubygem-bundler: 'bundle install' may install a gem from a source other than expected
Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source. A flaw was found in the way Bundler handled gems available from multiple sources. An attacker with access...
CVE-2014-3482 rubygem-activerecord: SQL injection vulnerability in 'bitstring' quoting
SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 2.x and 3.x before 3.2.19 allows remote attackers to execute arbitrary SQL commands by leveraging improper bitstring quoting. It was...
Critical: Red Hat Security Advisory: rubygem-openshift-origin-node security update
An updated rubygem-openshift-origin-node package that fixes one security issue is now available for Red Hat OpenShift Enterprise 2.0.6. The Red Hat Security Response Team has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a...
Critical: Red Hat Security Advisory: rubygem-openshift-origin-node security update
An updated rubygem-openshift-origin-node package that fixes one security issue is now available for Red Hat OpenShift Enterprise 1.2.8. The Red Hat Security Response Team has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a...
openSUSE Security Update : rubygem-actionmailer (openSUSE-SU-2011:1305-1)
This update of rails fixes the following security issues : CVE-2011-2930 - SQL-injection in quote_table_name function via specially crafted column names (bnc#712062) CVE-2011-2931 - Cross-Site Scripting (XSS) in the strip_tags helper (bnc#712057) CVE-2011-3186 - Response Splitting (bnc#712058) CVE-2010-3933 -...
openSUSE Security Update : rubygem-actionpack-3_2 (openSUSE-SU-2014:0295-1)
rubygem-actionpack-3_2 was updated to fix security issues : - fix CVE-2014-0081: XSS Vulnerability in number_to_currency, number_to_percentage and number_to_human (bnc#864433) - fix CVE-2014-0082: Denial of Service Vulnerability in Action View when using render :text (bnc#864431) (C) Tenable...
openSUSE Security Update : rubygem-actionpack-3_2 (openSUSE-SU-2014:0009-1)
This update fixes the following security issues with rubygem-actionpack-3_2 : - fix CVE-2013-4389: rubygem-actionmailer-3_1: possible DoS vulnerability in the log subscriber component (bnc#846239). File CVE-2013-4389.patch contains the fix. - fix CVE-2013-4491: rubygem-actionpack: i18n missing...
openSUSE Security Update : rubygem-actionpack-3_2 (openSUSE-SU-2014:0720-1)
fix CVE-2014-0130: rubygem-actionpack: directory traversal issue (bnc#876714). CVE-2014-0130.patch: contains the fix. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2014-396. The text...
openSUSE Security Update : rubygem-i18n / rubygem-i18n-0_6 (openSUSE-SU-2013:1930-1)
This update fixes the following security issue with rubygem-i18n : - fix bnc#854166: CVE-2013-4492: rubygem-i18n: missing translation XSS. File CVE-2013-4492.patch.i18n.0.6.x contains the fix...
openSUSE Security Update : rubygem-actionpack-3_2 (openSUSE-SU-2013:1904-1)
fix CVE-2013-4491: rubygem-actionpack: i18n missing translation XSS (bnc#853625). File CVE-2013-4491.patch contains the patch. - fix CVE-2013-6414: rubygem-actionpack: Action View DoS (bnc#853633). File CVE-2013-6414.patch contains the patch. - fix CVE-2013-6415: rubygem-actionpack: number_to_currency XSS...
openSUSE Security Update : rubygem-rdoc (openSUSE-SU-2013:0303-1)
rubygem rdoc was updated to fix a security issue : CVE-2013-0256: rubygem-rdoc: XSS exploit of RDoc documentation generated by rdoc - Ensured that rd parser files are generated before checking the manifest...
openSUSE Security Update : rubygem-actionpack-2_3 (openSUSE-SU-2013:0662-1)
Changes in rubygem-actionpack-2_3 : - add 2 patches to fix security issues : - bug-8099352-3-csssanitize.patch: CVE-2013-1855: rubygem-actionpack: XSS vulnerability in sanitize_css in Action Pack (bnc#809935) - bug-8099402-3-sanitizeprotocol.patch: CVE-2013-1857: rubygem-actionpack: XSS Vulnerability ...
openSUSE Security Update : rubygem-activerecord-3_2 (openSUSE-SU-2013:0659-1)
Changes in rubygem-activerecord-3_2 : - add patch to fix security issue : - bug-8099323-2-attributesymbols.patch: fix CVE-2013-1854: rubygem-activerecord: Symbol DoS vulnerability in Active Record (bnc#809932)...
openSUSE Security Update : rubygem-devise (openSUSE-SU-2013:0374-1)
rubygem-devise was updated to version 1.5.4 fixing bugs and security issue : - wrong records may be read when sending specifically crafted requests (bnc#800955, CVE-2013-0233)...