---
- branch: pkgsrc-2012Q2
  date: Mon Aug 20 07:54:05 UTC 2012
  files:
  - new: 1.13.2.2
    old: 1.13.2.1
    path: pkgsrc/databases/ruby-activerecord3/distinfo
    pathrev: pkgsrc/databases/ruby-activerecord3/distinfo@1.13.2.2
    type: modified
  - new: 1.13.2.2
    old: 1.13.2.1
    path: pkgsrc/devel/ruby-activemodel/distinfo
    pathrev: pkgsrc/devel/ruby-activemodel/distinfo@1.13.2.2
    type: modified
  - new: 1.14.2.2
    old: 1.14.2.1
    path: pkgsrc/devel/ruby-activesupport3/distinfo
    pathrev: pkgsrc/devel/ruby-activesupport3/distinfo@1.14.2.2
    type: modified
  - new: 1.13.2.2
    old: 1.13.2.1
    path: pkgsrc/devel/ruby-railties/distinfo
    pathrev: pkgsrc/devel/ruby-railties/distinfo@1.13.2.2
    type: modified
  - new: 1.24.2.4
    old: 1.24.2.3
    path: pkgsrc/lang/ruby/rails.mk
    pathrev: pkgsrc/lang/ruby/rails.mk@1.24.2.4
    type: modified
  - new: 1.15.2.2
    old: 1.15.2.1
    path: pkgsrc/mail/ruby-actionmailer3/distinfo
    pathrev: pkgsrc/mail/ruby-actionmailer3/distinfo@1.15.2.2
    type: modified
  - new: 1.14.2.2
    old: 1.14.2.1
    path: pkgsrc/www/ruby-actionpack3/distinfo
    pathrev: pkgsrc/www/ruby-actionpack3/distinfo@1.14.2.2
    type: modified
  - new: 1.13.2.2
    old: 1.13.2.1
    path: pkgsrc/www/ruby-activeresource3/distinfo
    pathrev: pkgsrc/www/ruby-activeresource3/distinfo@1.13.2.2
    type: modified
  - new: 1.14.2.2
    old: 1.14.2.1
    path: pkgsrc/www/ruby-rails3/distinfo
    pathrev: pkgsrc/www/ruby-rails3/distinfo@1.14.2.2
    type: modified
  id: 20120820T075405Z.e3ae077923e0c9b7535d73d6ff54a10649aaf822
  log: |
    Pullup ticket #3903 - requested by taca
    Ruby on Rails 3.0.17 security update.

    Revisions pulled up:
    - databases/ruby-activerecord3/distinfo 1.15
    - devel/ruby-activemodel/distinfo 1.15
    - devel/ruby-activesupport3/distinfo 1.16
    - devel/ruby-railties/distinfo 1.15
    - lang/ruby/rails.mk 1.28
    - mail/ruby-actionmailer3/distinfo 1.17
    - www/ruby-actionpack3/distinfo 1.16
    - www/ruby-activeresource3/distinfo 1.15
    - www/ruby-rails3/distinfo 1.16

    ---
     Module Name:	pkgsrc
     Committed By:	taca
     Date:		Sun Aug 12 09:44:22 UTC 2012

     Modified Files:
     	pkgsrc/lang/ruby: rails.mk

     Log Message:
     Start update of Ruby on Rails 3.0.17.

    ---
     Module Name:	pkgsrc
     Committed By:	taca
     Date:		Sun Aug 12 09:44:58 UTC 2012

     Modified Files:
     	pkgsrc/devel/ruby-activesupport3: distinfo

     Log Message:
     Update ruby-activesupport3 to 3.0.17.

     ## Rails 3.0.17 (Aug 9, 2012)

     * No changes.

    ---
     Module Name:	pkgsrc
     Committed By:	taca
     Date:		Sun Aug 12 09:45:45 UTC 2012

     Modified Files:
     	pkgsrc/devel/ruby-activemodel: distinfo

     Log Message:
     Update ruby-activemodel to 3.0.17.

     ## Rails 3.0.17 (Aug 9, 2012)

     * No changes.

    ---
     Module Name:	pkgsrc
     Committed By:	taca
     Date:		Sun Aug 12 09:46:45 UTC 2012

     Modified Files:
     	pkgsrc/www/ruby-actionpack3: distinfo

     Log Message:
     Update ruby-actionpack3 to 3.0.17

     ## Rails 3.0.17 (Aug 9, 2012)

     * There is an XSS vulnerability in the strip_tags helper in Ruby on Rails, the
     helper doesn't correctly handle malformed html. As a result an attacker can
     execute arbitrary javascript through the use of specially crafted malformed
     html.

     *Marek from Nethemba (www.nethemba.com) & Santiago Pastorino*

     * When a "prompt" value is supplied to the `select_tag` helper, the "prompt"
     value is not escaped. If untrusted data is not escaped, and is supplied as
     the prompt value, there is a potential for XSS attacks.
     Vulnerable code will look something like this:
     select_tag("name", options, :prompt => UNTRUSTED_INPUT)

     *Santiago Pastorino*

    ---
     Module Name:	pkgsrc
     Committed By:	taca
     Date:		Sun Aug 12 09:47:45 UTC 2012

     Modified Files:
     	pkgsrc/databases/ruby-activerecord3: distinfo

     Log Message:
     Update ruby-activerecord3 to 3.0.17.

     ## Rails 3.0.17 (Aug 9, 2012)

     * Fix type_to_sql with text and limit on mysql/mysql2 (GH #7252)

    ---
     Module Name:	pkgsrc
     Committed By:	taca
     Date:		Sun Aug 12 09:48:26 UTC 2012

     Modified Files:
     	pkgsrc/mail/ruby-actionmailer3: distinfo

     Log Message:
     Update ruby-actionmailer3 to 3.0.17.

     ## Rails 3.0.17 (Aug 9, 2012)

     * No changes.

    ---
     Module Name:	pkgsrc
     Committed By:	taca
     Date:		Sun Aug 12 09:49:01 UTC 2012

     Modified Files:
     	pkgsrc/devel/ruby-railties: distinfo

     Log Message:
     Update ruby-railties to 3.0.17.

     ## Rails 3.0.17 (Aug 9, 2012)

     * No changes.

    ---
     Module Name:	pkgsrc
     Committed By:	taca
     Date:		Sun Aug 12 09:50:41 UTC 2012

     Modified Files:
     	pkgsrc/www/ruby-rails3: distinfo

     Log Message:
     Update ruby-rails3 to 3.0.17.

     This is a meta-like package and no changes.

    ---
     Module Name:	pkgsrc
     Committed By:	taca
     Date:		Wed Aug 15 15:58:23 UTC 2012

     Modified Files:
     	pkgsrc/www/ruby-activeresource3: distinfo

     Log Message:
     Oops, missed from commit for ruby-activeresource3.
  module: pkgsrc
  subject: 'CVS commit: [pkgsrc-2012Q2] pkgsrc'
  unixtime: '1345449245'
  user: sbd