Tue Jan 29 15:38:40 2013 UTC ()
Update ruby-activemodel to 3.0.20.

Fix CVE-2013-0333.

There is a vulnerability in the JSON  code for Ruby on Rails which
allows attackers to bypass authentication systems, inject arbitrary
SQL, inject and execute arbitrary code, or perform a DoS attack on a
Rails application.

## Rails 3.0.20 (unreleased)

* Fix XML serialization of methods that return nil to not be
  considered as YAML (GH #8853 and GH #492)


(taca)
diff -r1.17 -r1.18 pkgsrc/devel/ruby-activemodel/distinfo
cvs diff -r1.17 -r1.18 pkgsrc/devel/ruby-activemodel/Attic/distinfo (expand / switch to unified diff)

--- pkgsrc/devel/ruby-activemodel/Attic/distinfo 2013/01/09 12:26:20 1.17
+++ pkgsrc/devel/ruby-activemodel/Attic/distinfo 2013/01/29 15:38:40 1.18
@@ -1,5 +1,5 @@ @@ -1,5 +1,5 @@
1$NetBSD: distinfo,v 1.17 2013/01/09 12:26:20 taca Exp $ 1$NetBSD: distinfo,v 1.18 2013/01/29 15:38:40 taca Exp $
2 2
3SHA1 (activemodel-3.0.19.gem) = f0fb577ea7446ff229752bc799ca86dd53aa9cda 3SHA1 (activemodel-3.0.20.gem) = 80c7d881ed64ed7a66f4d82b12c2b98b43f6fbde
4RMD160 (activemodel-3.0.19.gem) = b79defa8b68fa49226429a0f616659f8aab7bf4f 4RMD160 (activemodel-3.0.20.gem) = 20c74da6d7a173a5d5a252a138afa5b132f9a7b9
5Size (activemodel-3.0.19.gem) = 38912 bytes 5Size (activemodel-3.0.20.gem) = 38912 bytes