FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  351938
Date:      2014-04-23
Time:      13:36:36Z
Committer: lwhsu

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
be77eff6-ca91-11e0-aea3-00215c6a37bbrubygem-rails -- multiple vulnerabilities

SecurityFocus reports:

Ruby on Rails is prone to multiple vulnerabilities including SQL-injection, information-disclosure, HTTP-header-injection, security-bypass and cross-site scripting issues.


Discovery 2011-08-16
Entry 2011-08-19
rubygem-rails
lt 3.0.10

49179
http://groups.google.com/group/rubyonrails-security/browse_thread/thread/6a1e473744bc389b
http://groups.google.com/group/rubyonrails-security/browse_thread/thread/3420ac71aed312d6
http://groups.google.com/group/rubyonrails-security/browse_thread/thread/6ffc93bde0298768
http://groups.google.com/group/rubyonrails-security/browse_thread/thread/2b9130749b74ea12
http://groups.google.com/group/rubyonrails-security/browse_thread/thread/56bffb5923ab1195
be77eff6-ca91-11e0-aea3-00215c6a37bbrubygem-rails -- multiple vulnerabilities

SecurityFocus reports:

Ruby on Rails is prone to multiple vulnerabilities including SQL-injection, information-disclosure, HTTP-header-injection, security-bypass and cross-site scripting issues.


Discovery 2011-08-16
Entry 2011-08-19
rubygem-rails
lt 3.0.10

49179
http://groups.google.com/group/rubyonrails-security/browse_thread/thread/6a1e473744bc389b
http://groups.google.com/group/rubyonrails-security/browse_thread/thread/3420ac71aed312d6
http://groups.google.com/group/rubyonrails-security/browse_thread/thread/6ffc93bde0298768
http://groups.google.com/group/rubyonrails-security/browse_thread/thread/2b9130749b74ea12
http://groups.google.com/group/rubyonrails-security/browse_thread/thread/56bffb5923ab1195
8e8b8b94-7f1d-11dd-a66a-0019666436c2rubygem-rails -- SQL injection vulnerability

Jonathan Weiss reports, that it is possible to perform an SQL injection in Rails applications via not correctly sanitized :limit and :offset parameters. It is possible to change arbitrary values in affected tables or gain access to the sensitive data.


Discovery 2008-09-08
Entry 2008-09-10
Modified 2010-05-12
rubygem-rails
lt 2.2.2

CVE-2008-4094
http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1
8e8b8b94-7f1d-11dd-a66a-0019666436c2rubygem-rails -- SQL injection vulnerability

Jonathan Weiss reports, that it is possible to perform an SQL injection in Rails applications via not correctly sanitized :limit and :offset parameters. It is possible to change arbitrary values in affected tables or gain access to the sensitive data.


Discovery 2008-09-08
Entry 2008-09-10
Modified 2010-05-12
rubygem-rails
lt 2.2.2

CVE-2008-4094
http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1
31db9a18-e289-11e1-a57d-080027a27dbfrubygem-rails -- multiple vulnerabilities

Rails core team reports:

This version contains three important security fixes, please upgrade immediately.

One of security fixes impacts all users and is related to HTML escaping code. The other two fixes impacts people using select_tag's prompt option and strip_tags helper from ActionPack.

CVE-2012-3463 Potential XSS Vulnerability in select_tag prompt.

CVE-2012-3464 Potential XSS Vulnerability in the HTML escaping code.

CVE-2012-3465 XSS Vulnerability in strip_tags.


Discovery 2012-08-08
Entry 2012-08-10
rubygem-rails
lt 3.2.8

rubygem-actionpack
lt 3.2.8

rubygem-activesupport
lt 3.2.8

CVE-2012-3463
CVE-2012-3464
CVE-2012-3465
https://groups.google.com/d/msg/rubyonrails-security/fV3QUToSMSw/eHBSFOUYHpYJ
https://groups.google.com/d/msg/rubyonrails-security/kKGNeMrnmiY/r2yM7xy-G48J
https://groups.google.com/d/msg/rubyonrails-security/FgVEtBajcTY/tYLS1JJTu38J
http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/