This bug was fixed in the package rails - 2.2.3-2ubuntu0.1

---------------
rails (2.2.3-2ubuntu0.1) lucid-security; urgency=low

  * SECURITY UPDATE: multiple cross-site scripting (XSS) vulnerabilities in
    the mail_to helper
    - backported fix from upstream:
      actionpack/test/template/url_helper_test.rb
      actionpack/lib/action_view/helpers/url_helper.rb
    - https://groups.google.com/group/rubyonrails-security/browse_thread/thread/f02a48ede8315f81
    - CVE-2011-0446
    - LP: #870846
  * SECURITY UPDATE: rails does not properly validate HTTP requests that
    contain an X-Requested-With header
    - patch from upstream:
      actionpack/test/controller/request_forgery_protection_test.rb
      actionpack/lib/action_view/helpers.rb
      actionpack/lib/action_view/helpers/csrf_helper.rb
      actionpack/lib/action_controller/request_forgery_protection.rb
    - https://groups.google.com/group/rubyonrails-security/browse_thread/thread/2d95a3cc23e03665
    - CVE-2011-0447
  * SECURITY UPDATE: multiple SQL injection vulnerabilities in the
    quote_table_name method in the ActiveRecord adapters
    - patch from upstream:
      activerecord/test/cases/base_test.rb
      activerecord/lib/active_record/connection_adapters/mysql_adapter.rb
      activerecord/lib/active_record/connection_adapters/sqlite_adapter.rb
    - https://groups.google.com/group/rubyonrails-security/browse_thread/thread/6a1e473744bc389b
    - CVE-2011-2930
  * SECURITY UPDATE: cross-site scripting (XSS) vulnerability in the
    strip_tags helper
    - patch from upstream:
      actionpack/test/controller/html-scanner/sanitizer_test.rb
      actionpack/lib/action_controller/vendor/html-scanner/html/node.rb
    - https://groups.google.com/group/rubyonrails-security/browse_thread/thread/2b9130749b74ea12
    - CVE-2011-2931
  * SECURITY UPDATE: cross-site scripting vulnerability which allows remote
    attackers to inject arbitrary web script or HTML via a malformed Unicode string
    - backported fix from upstream:
      actionpack/lib/action_view/template_handlers/erb.rb
      actionpack/test/template/erb_util_test.rb
    - https://groups.google.com/group/rubyonrails-security/browse_thread/thread/56bffb5923ab1195
    - CVE-2011-2932
  * SECURITY UPDATE: response splitting vulnerability
    - patch from upstream:
      actionpack/test/controller/content_type_test.rb
      actionpack/lib/action_controller/response.rb
    - https://groups.google.com/group/rubyonrails-security/browse_thread/thread/6ffc93bde0298768
    - CVE-2011-3186

 -- Felix Geyer <email address hidden>  Sat, 08 Oct 2011 17:26:54 +0200