Now
pkgsrc-2012Q2 commitmail json YAML
pkgsrc/databases/ruby-activerecord31/distinfo@1.4.2.2
/
diff
pkgsrc/devel/ruby-activemodel31/distinfo@1.4.2.2 / diff
pkgsrc/devel/ruby-activesupport31/distinfo@1.5.2.2 / diff
pkgsrc/devel/ruby-railties31/distinfo@1.4.2.2 / diff
pkgsrc/lang/ruby/rails.mk@1.24.2.5 / diff
pkgsrc/mail/ruby-actionmailer31/distinfo@1.4.2.2 / diff
pkgsrc/www/ruby-actionpack31/distinfo@1.5.2.2 / diff
pkgsrc/www/ruby-activeresource31/distinfo@1.4.2.2 / diff
pkgsrc/www/ruby-rails31/distinfo@1.4.2.2 / diff
pkgsrc/devel/ruby-activemodel31/distinfo@1.4.2.2 / diff
pkgsrc/devel/ruby-activesupport31/distinfo@1.5.2.2 / diff
pkgsrc/devel/ruby-railties31/distinfo@1.4.2.2 / diff
pkgsrc/lang/ruby/rails.mk@1.24.2.5 / diff
pkgsrc/mail/ruby-actionmailer31/distinfo@1.4.2.2 / diff
pkgsrc/www/ruby-actionpack31/distinfo@1.5.2.2 / diff
pkgsrc/www/ruby-activeresource31/distinfo@1.4.2.2 / diff
pkgsrc/www/ruby-rails31/distinfo@1.4.2.2 / diff
Pullup ticket #3902 - requested by taca
Ruby on Rails 3.1.8 security update
Revisions pulled up:
- databases/ruby-activerecord31/distinfo 1.6
- devel/ruby-activemodel31/distinfo 1.6
- devel/ruby-activesupport31/distinfo 1.7
- devel/ruby-railties31/distinfo 1.6
- lang/ruby/rails.mk 1.29
- mail/ruby-actionmailer31/distinfo 1.6
- www/ruby-actionpack31/distinfo 1.7
- www/ruby-activeresource31/distinfo 1.6
- www/ruby-rails31/distinfo 1.6
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 10:32:52 UTC 2012
Modified Files:
pkgsrc/lang/ruby: rails.mk
Log Message:
Start Ruby on Rails 3.1.8.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 10:33:18 UTC 2012
Modified Files:
pkgsrc/devel/ruby-activesupport31: distinfo
Log Message:
Update ruby-activesupport31 to 3.1.8.
## Rails 3.1.8 (Aug 9, 2012)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 10:33:48 UTC 2012
Modified Files:
pkgsrc/devel/ruby-activemodel31: distinfo
Log Message:
Update ruby-activemodel31 to 3.1.8.
## Rails 3.1.8 (Aug 9, 2012)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 10:34:38 UTC 2012
Modified Files:
pkgsrc/www/ruby-actionpack31: distinfo
Log Message:
Update ruby-actionpack31 to 3.1.8.
## Rails 3.1.8 (Aug 9, 2012)
* There is an XSS vulnerability in the strip_tags helper in Ruby on Rails, the
helper doesn't correctly handle malformed html. As a result an attacker can
execute arbitrary javascript through the use of specially crafted malformed
html.
*Marek from Nethemba (www.nethemba.com) & Santiago Pastorino*
* When a "prompt" value is supplied to the `select_tag` helper, the
"prompt" value is not escaped.
If untrusted data is not escaped, and is supplied as the prompt value,
there is a potential for XSS attacks.
Vulnerable code will look something like this:
select_tag("name", options, :prompt => UNTRUSTED_INPUT)
*Santiago Pastorino*
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 10:35:20 UTC 2012
Modified Files:
pkgsrc/databases/ruby-activerecord31: distinfo
Log Message:
Update ruby-activerecord31 to 3.1.8.
## Rails 3.1.8 (Aug 9, 2012)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 10:36:35 UTC 2012
Modified Files:
pkgsrc/www/ruby-activeresource31: distinfo
Log Message:
Update ruby-activeresource31 to 3.1.8.
## Rails 3.1.8 (Aug 9, 2012)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 10:37:22 UTC 2012
Modified Files:
pkgsrc/mail/ruby-actionmailer31: distinfo
Log Message:
Update ruby-actionmailer31 to 3.1.8.
## Rails 3.1.8 (Aug 9, 2012)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 10:37:52 UTC 2012
Modified Files:
pkgsrc/devel/ruby-railties31: distinfo
Log Message:
Update ruby-railties31 to 3.1.8.
## Rails 3.1.8 (Aug 9, 2012)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 10:38:45 UTC 2012
Modified Files:
pkgsrc/www/ruby-rails31: distinfo
Log Message:
Update ruby-rails31 to 3.1.8.
This is a meta-like package and no changes.
Ruby on Rails 3.1.8 security update
Revisions pulled up:
- databases/ruby-activerecord31/distinfo 1.6
- devel/ruby-activemodel31/distinfo 1.6
- devel/ruby-activesupport31/distinfo 1.7
- devel/ruby-railties31/distinfo 1.6
- lang/ruby/rails.mk 1.29
- mail/ruby-actionmailer31/distinfo 1.6
- www/ruby-actionpack31/distinfo 1.7
- www/ruby-activeresource31/distinfo 1.6
- www/ruby-rails31/distinfo 1.6
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 10:32:52 UTC 2012
Modified Files:
pkgsrc/lang/ruby: rails.mk
Log Message:
Start Ruby on Rails 3.1.8.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 10:33:18 UTC 2012
Modified Files:
pkgsrc/devel/ruby-activesupport31: distinfo
Log Message:
Update ruby-activesupport31 to 3.1.8.
## Rails 3.1.8 (Aug 9, 2012)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 10:33:48 UTC 2012
Modified Files:
pkgsrc/devel/ruby-activemodel31: distinfo
Log Message:
Update ruby-activemodel31 to 3.1.8.
## Rails 3.1.8 (Aug 9, 2012)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 10:34:38 UTC 2012
Modified Files:
pkgsrc/www/ruby-actionpack31: distinfo
Log Message:
Update ruby-actionpack31 to 3.1.8.
## Rails 3.1.8 (Aug 9, 2012)
* There is an XSS vulnerability in the strip_tags helper in Ruby on Rails, the
helper doesn't correctly handle malformed html. As a result an attacker can
execute arbitrary javascript through the use of specially crafted malformed
html.
*Marek from Nethemba (www.nethemba.com) & Santiago Pastorino*
* When a "prompt" value is supplied to the `select_tag` helper, the
"prompt" value is not escaped.
If untrusted data is not escaped, and is supplied as the prompt value,
there is a potential for XSS attacks.
Vulnerable code will look something like this:
select_tag("name", options, :prompt => UNTRUSTED_INPUT)
*Santiago Pastorino*
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 10:35:20 UTC 2012
Modified Files:
pkgsrc/databases/ruby-activerecord31: distinfo
Log Message:
Update ruby-activerecord31 to 3.1.8.
## Rails 3.1.8 (Aug 9, 2012)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 10:36:35 UTC 2012
Modified Files:
pkgsrc/www/ruby-activeresource31: distinfo
Log Message:
Update ruby-activeresource31 to 3.1.8.
## Rails 3.1.8 (Aug 9, 2012)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 10:37:22 UTC 2012
Modified Files:
pkgsrc/mail/ruby-actionmailer31: distinfo
Log Message:
Update ruby-actionmailer31 to 3.1.8.
## Rails 3.1.8 (Aug 9, 2012)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 10:37:52 UTC 2012
Modified Files:
pkgsrc/devel/ruby-railties31: distinfo
Log Message:
Update ruby-railties31 to 3.1.8.
## Rails 3.1.8 (Aug 9, 2012)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 10:38:45 UTC 2012
Modified Files:
pkgsrc/www/ruby-rails31: distinfo
Log Message:
Update ruby-rails31 to 3.1.8.
This is a meta-like package and no changes.