FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-19 18:22:07 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
eb8a8978-8dd5-49ce-87f4-49667b2166ddrubygem-rails -- multiple vulnerabilities

Ruby on Rails blog:

Rails 3.2.22, 4.1.11 and 4.2.2 have been released, along with web console and jquery-rails plugins and Rack 1.5.4 and 1.6.2.


Discovery 2015-06-16
Entry 2015-06-17
rubygem-activesupport
< 3.2.22

rubygem-activesupport4
< 4.2.2

rubygem-jquery-rails
< 3.1.3

rubygem-jquery-rails4
< 4.0.4

rubygem-rack
< 1.4.6

rubygem-rack15
< 1.5.4

rubygem-rack16
< 1.6.2

rubygem-rails
< 3.2.22

rubygem-rails4
< 4.2.2

rubygem-web-console
< 2.1.3

CVE-2015-1840
CVE-2015-3224
CVE-2015-3225
CVE-2015-3226
CVE-2015-3227
http://weblog.rubyonrails.org/2015/6/16/Rails-3-2-22-4-1-11-and-4-2-2-have-been-released-and-more/
db0c4b00-a24c-11e2-9601-000d601460a4rubygem-rails -- multiple vulnerabilities

Ruby on Rails team reports:

Rails versions 3.2.13 has been released. This release contains important security fixes. It is recommended users upgrade as soon as possible.

Four vulnerabilities have been discovered and fixed:

  1. (CVE-2013-1854) Symbol DoS vulnerability in Active Record
  2. (CVE-2013-1855) XSS vulnerability in sanitize_css in Action Pack
  3. (CVE-2013-1856) XML Parsing Vulnerability affecting JRuby users
  4. (CVE-2013-1857) XSS Vulnerability in the `sanitize` helper of Ruby on Rails

Discovery 2013-03-18
Entry 2013-04-10
rubygem-rails
< 3.2.13

rubygem-actionpack
< 3.2.13

rubygem-activerecord
< 3.2.13

rubygem-activesupport
< 3.2.13

CVE-2013-1854
CVE-2013-1856
CVE-2013-1856
CVE-2013-1857
http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/
https://groups.google.com/forum/#!topic/ruby-security-ann/o0Dsdk2WrQ0
https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/4_QHo4BqnN8
https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/KZwsQbYsOiI
https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/zAAU7vGTPvI
6a806960-3016-44ed-8575-8614a7cb57c7rails -- multiple vulnerabilities

Rails weblog:

Rails 3.2.16 and 4.0.2 have been released! These two releases contain important security fixes, so please upgrade as soon as possible! In order to make upgrading as smooth as possible, we've only included commits directly related to each security issue.

The security fixes in 3.2.16 are:

  • CVE-2013-4491
  • CVE-2013-6414
  • CVE-2013-6415
  • CVE-2013-6417

The security fixes in 4.0.2 are:

  • CVE-2013-4491
  • CVE-2013-6414
  • CVE-2013-6415
  • CVE-2013-6416
  • CVE-2013-6417

Discovery 2013-12-03
Entry 2013-12-08
Modified 2014-04-23
rubygem-actionmailer
< 3.2.16

rubygem-actionpack
< 3.2.16

rubygem-activemodel
< 3.2.16

rubygem-activerecord
< 3.2.16

rubygem-activeresource
< 3.2.16

rubygem-activesupport
< 3.2.16

rubygem-rails
< 3.2.16

rubygem-railties
< 3.2.16

rubygem-actionpack4
< 4.0.2

rubygem-activesupport4
< 4.0.2

CVE-2013-4491
CVE-2013-6414
CVE-2013-6415
CVE-2013-6416
CVE-2013-6417
http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/