FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  318524
Date:      2013-05-19
Time:      14:06:36Z
Committer: rakuco

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
44fb0302-9d38-11dc-9114-001c2514716c	rubygem-rails -- JSON XSS vulnerability Rails core team reports: All users of Rails 1.2.4 or earlier are advised to upgrade to 1.2.5, though it isn't strictly necessary if you aren't working with JSON. For more information the JSON vulnerability, see CVE-2007-3227. Discovery 2007-10-12 Entry 2007-11-28 Modified 2007-12-01 rubygem-rails lt 1.2.5 rubygem-activesupport lt 1.4.4 CVE-2007-3227
31db9a18-e289-11e1-a57d-080027a27dbf	rubygem-rails -- multiple vulnerabilities Rails core team reports: This version contains three important security fixes, please upgrade immediately. One of security fixes impacts all users and is related to HTML escaping code. The other two fixes impacts people using select_tag's prompt option and strip_tags helper from ActionPack. CVE-2012-3463 Potential XSS Vulnerability in select_tag prompt. CVE-2012-3464 Potential XSS Vulnerability in the HTML escaping code. CVE-2012-3465 XSS Vulnerability in strip_tags. Discovery 2012-08-08 Entry 2012-08-10 rubygem-rails lt 3.2.8 rubygem-actionpack lt 3.2.8 rubygem-activesupport lt 3.2.8 CVE-2012-3463 CVE-2012-3464 CVE-2012-3465 https://groups.google.com/d/msg/rubyonrails-security/fV3QUToSMSw/eHBSFOUYHpYJ https://groups.google.com/d/msg/rubyonrails-security/kKGNeMrnmiY/r2yM7xy-G48J https://groups.google.com/d/msg/rubyonrails-security/FgVEtBajcTY/tYLS1JJTu38J http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/
44fb0302-9d38-11dc-9114-001c2514716c	rubygem-rails -- JSON XSS vulnerability Rails core team reports: All users of Rails 1.2.4 or earlier are advised to upgrade to 1.2.5, though it isn't strictly necessary if you aren't working with JSON. For more information the JSON vulnerability, see CVE-2007-3227. Discovery 2007-10-12 Entry 2007-11-28 Modified 2007-12-01 rubygem-rails lt 1.2.5 rubygem-activesupport lt 1.4.4 CVE-2007-3227

VuXML ID

Description

44fb0302-9d38-11dc-9114-001c2514716c

rubygem-rails -- JSON XSS vulnerability

Rails core team reports:

All users of Rails 1.2.4 or earlier are advised to upgrade to 1.2.5, though it isn't strictly necessary if you aren't working with JSON. For more information the JSON vulnerability, see CVE-2007-3227.

Discovery 2007-10-12
Entry 2007-11-28
Modified 2007-12-01
rubygem-rails

lt 1.2.5

rubygem-activesupport

lt 1.4.4

CVE-2007-3227

31db9a18-e289-11e1-a57d-080027a27dbf

rubygem-rails -- multiple vulnerabilities

Rails core team reports:

This version contains three important security fixes, please upgrade immediately.

One of security fixes impacts all users and is related to HTML escaping code. The other two fixes impacts people using select_tag's prompt option and strip_tags helper from ActionPack.

CVE-2012-3463 Potential XSS Vulnerability in select_tag prompt.

CVE-2012-3464 Potential XSS Vulnerability in the HTML escaping code.

CVE-2012-3465 XSS Vulnerability in strip_tags.

Discovery 2012-08-08
Entry 2012-08-10
rubygem-rails

lt 3.2.8

rubygem-actionpack

lt 3.2.8

rubygem-activesupport

lt 3.2.8

CVE-2012-3463
CVE-2012-3464
CVE-2012-3465
https://groups.google.com/d/msg/rubyonrails-security/fV3QUToSMSw/eHBSFOUYHpYJ
https://groups.google.com/d/msg/rubyonrails-security/kKGNeMrnmiY/r2yM7xy-G48J
https://groups.google.com/d/msg/rubyonrails-security/FgVEtBajcTY/tYLS1JJTu38J
http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/

44fb0302-9d38-11dc-9114-001c2514716c

rubygem-rails -- JSON XSS vulnerability

Rails core team reports:

All users of Rails 1.2.4 or earlier are advised to upgrade to 1.2.5, though it isn't strictly necessary if you aren't working with JSON. For more information the JSON vulnerability, see CVE-2007-3227.

Discovery 2007-10-12
Entry 2007-11-28
Modified 2007-12-01
rubygem-rails

lt 1.2.5

rubygem-activesupport

lt 1.4.4

CVE-2007-3227