FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
bb0ef21d-0e1b-461b-bc3d-9cba39948888rails -- multiple vulnerabilities

Ruby on Rails blog:

Rails 5.0.0.beta1.1, 4.2.5.1, 4.1.14.1, and 3.2.22.1 have been released! These contain important security fixes, and it is recommended that users upgrade as soon as possible.


Discovery 2016-01-25
Entry 2016-02-02
rubygem-actionpack
< 3.2.22.1

rubygem-actionpack4
< 4.2.5.1

rubygem-actionview
< 4.2.5.1

rubygem-activemodel4
< 4.2.5.1

rubygem-activerecord
< 3.2.22.1

rubygem-activerecord4
< 4.2.5.1

rubygem-rails
< 3.2.22.1

rubygem-rails-html-sanitizer
< 1.0.3

rubygem-rails4
< 4.2.5.1

CVE-2015-7576
CVE-2015-7577
CVE-2015-7581
CVE-2016-0751
CVE-2016-0752
CVE-2016-0753
https://groups.google.com/d/msg/rubyonrails-security/ANv0HDHEC3k/mt7wNGxbFQAJ
https://groups.google.com/d/msg/rubyonrails-security/cawsWcQ6c8g/tegZtYdbFQAJ
https://groups.google.com/d/msg/rubyonrails-security/dthJ5wL69JE/YzPnFelbFQAJ
https://groups.google.com/d/msg/rubyonrails-security/9oLY_FCzvoc/w9oI9XxbFQAJ
https://groups.google.com/d/msg/rubyonrails-security/335P1DcLG00/OfB9_LhbFQAJ
https://groups.google.com/d/msg/rubyonrails-security/6jQVC1geukQ/8oYETcxbFQAJ
http://weblog.rubyonrails.org/2016/1/25/Rails-5-0-0-beta1-1-4-2-5-1-4-1-14-1-3-2-22-1-and-rails-html-sanitizer-1-0-3-have-been-released/
db0c4b00-a24c-11e2-9601-000d601460a4rubygem-rails -- multiple vulnerabilities

Ruby on Rails team reports:

Rails versions 3.2.13 has been released. This release contains important security fixes. It is recommended users upgrade as soon as possible.

Four vulnerabilities have been discovered and fixed:

  1. (CVE-2013-1854) Symbol DoS vulnerability in Active Record
  2. (CVE-2013-1855) XSS vulnerability in sanitize_css in Action Pack
  3. (CVE-2013-1856) XML Parsing Vulnerability affecting JRuby users
  4. (CVE-2013-1857) XSS Vulnerability in the `sanitize` helper of Ruby on Rails

Discovery 2013-03-18
Entry 2013-04-10
rubygem-rails
< 3.2.13

rubygem-actionpack
< 3.2.13

rubygem-activerecord
< 3.2.13

rubygem-activesupport
< 3.2.13

CVE-2013-1854
CVE-2013-1856
CVE-2013-1856
CVE-2013-1857
http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/
https://groups.google.com/forum/#!topic/ruby-security-ann/o0Dsdk2WrQ0
https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/4_QHo4BqnN8
https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/KZwsQbYsOiI
https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/zAAU7vGTPvI
ca5d3272-59e3-11e2-853b-00262d5ed8eerubygem-rails -- multiple vulnerabilities

Ruby on Rails team reports:

Two high-risk vulnerabilities have been discovered:

(CVE-2013-0155) There is a vulnerability when Active Record is used in conjunction with JSON parameter parsing.

Due to the way Active Record interprets parameters in combination with the way that JSON parameters are parsed, it is possible for an attacker to issue unexpected database queries with "IS NULL" or empty "WHERE" clauses. This issue does not let an attacker insert arbitrary values into an SQL query, however they can cause the query to check for NULL or eliminate a WHERE clause when most users would not expect it.

(CVE-2013-0156) There are multiple weaknesses in the parameter parsing code for Ruby on Rails which allows attackers to bypass authentication systems, inject arbitrary SQL, inject and execute arbitrary code, or perform a DoS attack on a Rails application.

The parameter parsing code of Ruby on Rails allows applications to automatically cast values from strings to certain data types. Unfortunately the type casting code supported certain conversions which were not suitable for performing on user-provided data including creating Symbols and parsing YAML. These unsuitable conversions can be used by an attacker to compromise a Rails application.


Discovery 2013-01-08
Entry 2013-01-08
rubygem-rails
< 3.2.11

rubygem-actionpack
< 3.2.11

rubygem-activerecord
< 3.2.11

rubygem-activesupport
< 3.2.11

CVE-2013-0155
CVE-2013-0156
http://weblog.rubyonrails.org/2013/1/8/Rails-3-2-11-3-1-10-3-0-19-and-2-3-15-have-been-released/
https://groups.google.com/forum/?fromgroups#!topic/rubyonrails-security/t1WFuuQyavI
https://groups.google.com/forum/?fromgroups#!topic/rubyonrails-security/61bkgvnSGTQ
eb8a8978-8dd5-49ce-87f4-49667b2166ddrubygem-rails -- multiple vulnerabilities

Ruby on Rails blog:

Rails 3.2.22, 4.1.11 and 4.2.2 have been released, along with web console and jquery-rails plugins and Rack 1.5.4 and 1.6.2.


Discovery 2015-06-16
Entry 2015-06-17
rubygem-activesupport
< 3.2.22

rubygem-activesupport4
< 4.2.2

rubygem-jquery-rails
< 3.1.3

rubygem-jquery-rails4
< 4.0.4

rubygem-rack
< 1.4.6

rubygem-rack15
< 1.5.4

rubygem-rack16
< 1.6.2

rubygem-rails
< 3.2.22

rubygem-rails4
< 4.2.2

rubygem-web-console
< 2.1.3

CVE-2015-1840
CVE-2015-3224
CVE-2015-3225
CVE-2015-3226
CVE-2015-3227
http://weblog.rubyonrails.org/2015/6/16/Rails-3-2-22-4-1-11-and-4-2-2-have-been-released-and-more/
6a806960-3016-44ed-8575-8614a7cb57c7rails -- multiple vulnerabilities

Rails weblog:

Rails 3.2.16 and 4.0.2 have been released! These two releases contain important security fixes, so please upgrade as soon as possible! In order to make upgrading as smooth as possible, we've only included commits directly related to each security issue.

The security fixes in 3.2.16 are:

  • CVE-2013-4491
  • CVE-2013-6414
  • CVE-2013-6415
  • CVE-2013-6417

The security fixes in 4.0.2 are:

  • CVE-2013-4491
  • CVE-2013-6414
  • CVE-2013-6415
  • CVE-2013-6416
  • CVE-2013-6417

Discovery 2013-12-03
Entry 2013-12-08
Modified 2014-04-23
rubygem-actionmailer
< 3.2.16

rubygem-actionpack
< 3.2.16

rubygem-activemodel
< 3.2.16

rubygem-activerecord
< 3.2.16

rubygem-activeresource
< 3.2.16

rubygem-activesupport
< 3.2.16

rubygem-rails
< 3.2.16

rubygem-railties
< 3.2.16

rubygem-actionpack4
< 4.0.2

rubygem-activesupport4
< 4.0.2

CVE-2013-4491
CVE-2013-6414
CVE-2013-6415
CVE-2013-6416
CVE-2013-6417
http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/
be77eff6-ca91-11e0-aea3-00215c6a37bbrubygem-rails -- multiple vulnerabilities

SecurityFocus reports:

Ruby on Rails is prone to multiple vulnerabilities including SQL-injection, information-disclosure, HTTP-header-injection, security-bypass and cross-site scripting issues.


Discovery 2011-08-16
Entry 2011-08-19
rubygem-rails
< 3.0.10

49179
http://groups.google.com/group/rubyonrails-security/browse_thread/thread/6a1e473744bc389b
http://groups.google.com/group/rubyonrails-security/browse_thread/thread/3420ac71aed312d6
http://groups.google.com/group/rubyonrails-security/browse_thread/thread/6ffc93bde0298768
http://groups.google.com/group/rubyonrails-security/browse_thread/thread/2b9130749b74ea12
http://groups.google.com/group/rubyonrails-security/browse_thread/thread/56bffb5923ab1195
31db9a18-e289-11e1-a57d-080027a27dbfrubygem-rails -- multiple vulnerabilities

Rails core team reports:

This version contains three important security fixes, please upgrade immediately.

One of security fixes impacts all users and is related to HTML escaping code. The other two fixes impacts people using select_tag's prompt option and strip_tags helper from ActionPack.

CVE-2012-3463 Potential XSS Vulnerability in select_tag prompt.

CVE-2012-3464 Potential XSS Vulnerability in the HTML escaping code.

CVE-2012-3465 XSS Vulnerability in strip_tags.


Discovery 2012-08-08
Entry 2012-08-10
rubygem-rails
< 3.2.8

rubygem-actionpack
< 3.2.8

rubygem-activesupport
< 3.2.8

CVE-2012-3463
CVE-2012-3464
CVE-2012-3465
https://groups.google.com/d/msg/rubyonrails-security/fV3QUToSMSw/eHBSFOUYHpYJ
https://groups.google.com/d/msg/rubyonrails-security/kKGNeMrnmiY/r2yM7xy-G48J
https://groups.google.com/d/msg/rubyonrails-security/FgVEtBajcTY/tYLS1JJTu38J
http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/
5a016dd0-8aa8-490e-a596-55f4cc17e4efrails -- multiple vulnerabilities

Ruby on Rails blog:

Rails 4.2.5.2, 4.1.14.2, and 3.2.22.2 have been released! These contain the following important security fixes, and it is recommended that users upgrade as soon as possible.


Discovery 2016-02-29
Entry 2016-03-06
rubygem-actionpack
< 3.2.22.2

rubygem-actionpack4
< 4.2.5.2

rubygem-actionview
< 4.2.5.2

rubygem-rails
< 3.2.22.2

rubygem-rails4
< 4.2.5.2

CVE-2016-2097
CVE-2016-2098
https://groups.google.com/d/msg/rubyonrails-security/ddY6HgqB2z4/we0RasMZIAAJ
https://groups.google.com/d/msg/rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ
http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/
b4051b52-58fa-11e2-853b-00262d5ed8eerubygem-rails -- SQL injection vulnerability

Ruby on Rails team reports:

There is a SQL injection vulnerability in Active Record in ALL versions. Due to the way dynamic finders in Active Record extract options from method parameters, a method parameter can mistakenly be used as a scope. Carefully crafted requests can use the scope to inject arbitrary SQL.


Discovery 2013-01-02
Entry 2013-01-07
rubygem-rails
< 3.2.10

CVE-2012-5664
https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/DCNTNp_qjFM