diff options
author | sbd <sbd> | 2012-08-20 08:19:36 +0000 |
---|---|---|
committer | sbd <sbd> | 2012-08-20 08:19:36 +0000 |
commit | a3490635e097ae6187565d2964a53648159df645 (patch) | |
tree | 9214954fc7718c523260b27e5bcdd6c8e03d72d8 /www | |
parent | 51a622c60111da3d312e5cc3f1483f5dd5b2c4ee (diff) | |
download | pkgsrc-a3490635e097ae6187565d2964a53648159df645.tar.gz |
Pullup ticket #3902 - requested by taca
Ruby on Rails 3.1.8 security update
Revisions pulled up:
- databases/ruby-activerecord31/distinfo 1.6
- devel/ruby-activemodel31/distinfo 1.6
- devel/ruby-activesupport31/distinfo 1.7
- devel/ruby-railties31/distinfo 1.6
- lang/ruby/rails.mk 1.29
- mail/ruby-actionmailer31/distinfo 1.6
- www/ruby-actionpack31/distinfo 1.7
- www/ruby-activeresource31/distinfo 1.6
- www/ruby-rails31/distinfo 1.6
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 10:32:52 UTC 2012
Modified Files:
pkgsrc/lang/ruby: rails.mk
Log Message:
Start Ruby on Rails 3.1.8.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 10:33:18 UTC 2012
Modified Files:
pkgsrc/devel/ruby-activesupport31: distinfo
Log Message:
Update ruby-activesupport31 to 3.1.8.
## Rails 3.1.8 (Aug 9, 2012)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 10:33:48 UTC 2012
Modified Files:
pkgsrc/devel/ruby-activemodel31: distinfo
Log Message:
Update ruby-activemodel31 to 3.1.8.
## Rails 3.1.8 (Aug 9, 2012)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 10:34:38 UTC 2012
Modified Files:
pkgsrc/www/ruby-actionpack31: distinfo
Log Message:
Update ruby-actionpack31 to 3.1.8.
## Rails 3.1.8 (Aug 9, 2012)
* There is an XSS vulnerability in the strip_tags helper in Ruby on Rails, the
helper doesn't correctly handle malformed html. As a result an attacker can
execute arbitrary javascript through the use of specially crafted malformed
html.
*Marek from Nethemba (www.nethemba.com) & Santiago Pastorino*
* When a "prompt" value is supplied to the `select_tag` helper, the
"prompt" value is not escaped.
If untrusted data is not escaped, and is supplied as the prompt value,
there is a potential for XSS attacks.
Vulnerable code will look something like this:
select_tag("name", options, :prompt => UNTRUSTED_INPUT)
*Santiago Pastorino*
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 10:35:20 UTC 2012
Modified Files:
pkgsrc/databases/ruby-activerecord31: distinfo
Log Message:
Update ruby-activerecord31 to 3.1.8.
## Rails 3.1.8 (Aug 9, 2012)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 10:36:35 UTC 2012
Modified Files:
pkgsrc/www/ruby-activeresource31: distinfo
Log Message:
Update ruby-activeresource31 to 3.1.8.
## Rails 3.1.8 (Aug 9, 2012)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 10:37:22 UTC 2012
Modified Files:
pkgsrc/mail/ruby-actionmailer31: distinfo
Log Message:
Update ruby-actionmailer31 to 3.1.8.
## Rails 3.1.8 (Aug 9, 2012)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 10:37:52 UTC 2012
Modified Files:
pkgsrc/devel/ruby-railties31: distinfo
Log Message:
Update ruby-railties31 to 3.1.8.
## Rails 3.1.8 (Aug 9, 2012)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 10:38:45 UTC 2012
Modified Files:
pkgsrc/www/ruby-rails31: distinfo
Log Message:
Update ruby-rails31 to 3.1.8.
This is a meta-like package and no changes.
Diffstat (limited to 'www')
-rw-r--r-- | www/ruby-actionpack31/distinfo | 8 | ||||
-rw-r--r-- | www/ruby-activeresource31/distinfo | 8 | ||||
-rw-r--r-- | www/ruby-rails31/distinfo | 8 |
3 files changed, 12 insertions, 12 deletions
diff --git a/www/ruby-actionpack31/distinfo b/www/ruby-actionpack31/distinfo index e49b63400dc..c2249c1c309 100644 --- a/www/ruby-actionpack31/distinfo +++ b/www/ruby-actionpack31/distinfo @@ -1,5 +1,5 @@ -$NetBSD: distinfo,v 1.5.2.1 2012/08/12 14:26:14 tron Exp $ +$NetBSD: distinfo,v 1.5.2.2 2012/08/20 08:19:36 sbd Exp $ -SHA1 (actionpack-3.1.7.gem) = d6d7d99e6b4c30f80ca5a1d321f44aefeb5583cf -RMD160 (actionpack-3.1.7.gem) = b49e3389c06c965c43aeb3a18893bcd44bd5797b -Size (actionpack-3.1.7.gem) = 367616 bytes +SHA1 (actionpack-3.1.8.gem) = 20d22f75b553e897808269ad308405570d2c874b +RMD160 (actionpack-3.1.8.gem) = 9343ed89627b3a9dd6d4eca3d82a9d66fae09853 +Size (actionpack-3.1.8.gem) = 368128 bytes diff --git a/www/ruby-activeresource31/distinfo b/www/ruby-activeresource31/distinfo index c169f164338..ce332c7495f 100644 --- a/www/ruby-activeresource31/distinfo +++ b/www/ruby-activeresource31/distinfo @@ -1,5 +1,5 @@ -$NetBSD: distinfo,v 1.4.2.1 2012/08/12 14:26:15 tron Exp $ +$NetBSD: distinfo,v 1.4.2.2 2012/08/20 08:19:36 sbd Exp $ -SHA1 (activeresource-3.1.7.gem) = cd2e8ae08db6b289084802b52a19bebcaaf3a6ce -RMD160 (activeresource-3.1.7.gem) = 94a878f59406ca4d8b117c4a7f54f6cb0ab91e2c -Size (activeresource-3.1.7.gem) = 36352 bytes +SHA1 (activeresource-3.1.8.gem) = aa7593702ade6b4bdf7b2db5cb9318915533894b +RMD160 (activeresource-3.1.8.gem) = c35e5d27b7c34cc3847d5ea8663b822ffa66314e +Size (activeresource-3.1.8.gem) = 36864 bytes diff --git a/www/ruby-rails31/distinfo b/www/ruby-rails31/distinfo index ea2ed1bac82..0ed1ec4a76d 100644 --- a/www/ruby-rails31/distinfo +++ b/www/ruby-rails31/distinfo @@ -1,5 +1,5 @@ -$NetBSD: distinfo,v 1.4.2.1 2012/08/12 14:26:15 tron Exp $ +$NetBSD: distinfo,v 1.4.2.2 2012/08/20 08:19:37 sbd Exp $ -SHA1 (rails-3.1.7.gem) = a0e428916d71574c1b2f2c0c1c1b7338fb714449 -RMD160 (rails-3.1.7.gem) = c2e26596d670974dd830793150e16888cfc95035 -Size (rails-3.1.7.gem) = 3584 bytes +SHA1 (rails-3.1.8.gem) = 1d830ef845c5600eeb947cb32158bde8af1cf7f8 +RMD160 (rails-3.1.8.gem) = c4be33a6e2fb0124041edc79123231492d81d4e6 +Size (rails-3.1.8.gem) = 3584 bytes |