Snippets Groups Projects

Vulnerability in ruby-activerecord < 2.3.13 may allow SQL injection

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2930

Solution

- Upgrade to 2.3.13

- Patches:

https://github.com/rails/rails/commit/8a39f411dc3c806422785b1f4d5c7c9d58e4bf85

(from redmine: issue id 977, created on 2012-01-31, closed on 2012-02-01)

Changesets:
- Revision 49ebdcb8 by Natanael Copa on 2012-01-31T15:56:10Z:

main/ruby-activerecord: security upgrade to 2.3.14 (CVE-2011-2930)

fixes #977

Revision caf610bb by Natanael Copa on 2012-01-31T16:04:36Z:

main/ruby-activerecord: security upgrade to 2.3.14 (CVE-2011-2930)

fixes #977
(cherry picked from commit 49ebdcb8aff6bdfa648f9187099c0af96536f438)

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

Child items 0

No child items are currently assigned. Use child items to break down this issue into smaller parts.

Activity

Leonardo Arena changed milestone to %Alpine 2.4.0 13 years ago

changed milestone to %Alpine 2.4.0
Leonardo Arena added High type:bug + 1 deleted label 13 years ago

added High type:bug + 1 deleted label
Natanael Copa @ncopa · 13 years ago

Owner

Applied in changeset commit:caf610bb.

(from redmine: written on 2012-01-31)
Natanael Copa @ncopa · 13 years ago

Owner

Applied in changeset commit:49ebdcb8.

(from redmine: written on 2012-01-31)
algitbot closed 5 years ago

closed

Please register or sign in to reply

Labels

priority:high type:bug-report

Milestone

Alpine 2.4.0 (expired)

Due date

None

Confidentiality

Confidentiality controls have moved to the issue actions menu () at the top of the page.

3 Participants