lp:debian/lenny/rails
- Get this branch:
- bzr branch lp:debian/lenny/rails
Branch information
- Owner:
- Ubuntu branches
- Status:
- Mature
Recent revisions
- 8. By Ondřej Surý
  Fix security regression caused by pulling invalid upstream fix for our version of rails
- 7. By Ondřej Surý
  * Fix SQL Injection Vulnerability in Ruby on Rails (CVE-2011-2930)
  * Fix parse error in strip_tags vulnerability (CVE-2011-2931)
  * Fix response splitting vulnerability (CVE-2011-3186)
  * Adopt the package under DRE
- 6. By Adam Majer
  Fix XSS vulnerability in the escaping code for the form helpers in Ruby on Rails. Attackers who can inject deliberately malformed Unicode strings into the form helpers can defeat the escaping checks and inject arbitrary HTML [CVE-2009-3009]
- 5. By Adam Majer
  Some browsers may submit 'text/plain' content type as part of POST request. ActionController passed these requests through, sidestepping the CSRF protection given by protect_from_forgery. Patch from upstream removes 'text/plain' encoding from the "ignore list".
- 4. By Adam Majer
  Sanitize the URLs passed to redirect_to to prevent a potential response splitting attack. Patch from upstream.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:debian/squeeze/rails