---
- branch: MAIN
  date: Tue Jan 29 15:38:40 UTC 2013
  files:
  - new: '1.18'
    old: '1.17'
    path: pkgsrc/devel/ruby-activemodel/distinfo
    pathrev: pkgsrc/devel/ruby-activemodel/distinfo@1.18
    type: modified
  id: 20130129T153840Z.642ae2a45a0bfd82424abb27a8faa841b5c4c87b
  log: |
    Update ruby-activemodel to 3.0.20.

    Fix CVE-2013-0333.

    There is a vulnerability in the JSON  code for Ruby on Rails which
    allows attackers to bypass authentication systems, inject arbitrary
    SQL, inject and execute arbitrary code, or perform a DoS attack on a
    Rails application.

    ## Rails 3.0.20 (unreleased)

    * Fix XML serialization of methods that return nil to not be
      considered as YAML (GH #8853 and GH #492)
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/devel/ruby-activemodel'
  unixtime: '1359473920'
  user: taca