---
- branch: MAIN
  date: Wed Aug 17 14:12:42 UTC 2011
  files:
  - new: '1.21'
    old: '1.20'
    path: pkgsrc/databases/ruby-activerecord/PLIST
    pathrev: pkgsrc/databases/ruby-activerecord/PLIST@1.21
    type: modified
  - new: '1.23'
    old: '1.22'
    path: pkgsrc/databases/ruby-activerecord/distinfo
    pathrev: pkgsrc/databases/ruby-activerecord/distinfo@1.23
    type: modified
  id: 20110817T141242Z.cb94fcbb84963595d578ae39e3f2ea2c7a80beea
  log: |
    Update ruby-activerecord package to 2.3.14.

    2.3.14:

    Security fix:

    The quote_table_name method in the ActiveRecord adapters for Ruby on
    Rails was initially created solely for the purpose of escaping
    reserved words encountered in table names. However over time 3rd party
    libraries, and rails itself, grew to rely on those functions as a way
    to sanitize potentially malicious user input. As a result these
    functions need to be hardened to manage malicious input rather than
    assuming they're being passed benign values generated by rails itself.
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/databases/ruby-activerecord'
  unixtime: '1313590362'
  user: taca