[SECURITY] Fedora 11 Update: rubygem-activeresource-2.3.2-2.fc11
updates at fedoraproject.org
updates at fedoraproject.org
Wed Oct 14 01:55:34 UTC 2009
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-10484
2009-10-14 00:49:00
--------------------------------------------------------------------------------
Name : rubygem-activeresource
Product : Fedora 11
Version : 2.3.2
Release : 2.fc11
URL : http://www.rubyonrails.org
Summary : Active Record for web resources
Description :
Wraps web resources in model classes that can be manipulated through XML over
REST.
--------------------------------------------------------------------------------
Update Information:
- Fixes CVE-2009-3009 - Downgrade to Rails 2.3.2 to avoid update issues for
existing applications
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 7 2009 David Lutterkort <lutter at redhat.com> - 1:2.3.2-2
- Bump epoch; rails is not updatable across versions (bz 520843)
* Sun Sep 27 2009 Mamoru Tasaka <mtasaka at ioa.s.u-tokyo.ac.jp> - 2.3.3-2
- Force rebuild
* Sun Jul 26 2009 Jeroen van Meeuwen <kanarip at fedoraproject.org> - 2.3.3-1
- New upstream version
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #520843 - CVE-2009-3009 ruby-activesupport: XSS vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=520843
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update rubygem-activeresource' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the Fedora-package-announce
mailing list