[v2.6] ruby-rails: vulnerabilities in PostgreSQL adapter for Active Record (CVE-2014-3482 CVE-2014-3483)
There are two distinct but related vulnerabilities in the PostgreSQL adapter for Active Record. These vulnerabilities have been assigned the CVE identifiers CVE-2014-3482 and CVE-2014-3483.
Versions Affected: All Versions >2.0
Not affected: Databases other than PostgreSQL
Fixed Versions: 3.2.19, 4.0.7 & 4.1.3
References:
CONFIRM: http://seclists.org/oss-sec/2014/q3/5
CONFIRM: http://weblog.rubyonrails.org/2014/7/2/Rails_3_2_19_4_0_7_and_4_1_3_have_been_released/
(from redmine: issue id 3151, created on 2014-07-03, closed on 2015-05-22)
- Relations:
- parent #3149 (closed)
- Changesets:
- Revision 58bc3dae by Kaarle Ritvanen on 2014-12-10T01:06:53Z:
main/ruby-rails: upgrade to 3.2.21
fixes #2579
fixes #2805
fixes #2808
fixes #2942
fixes #3151
fixes #3474
fixes #3580
fixes #3584
CVE-2013-0334
CVE-2013-4389
CVE-2013-4492
CVE-2013-6414
CVE-2013-6415
CVE-2013-6417
CVE-2014-0081
CVE-2014-0082
CVE-2014-0130
CVE-2014-3482
CVE-2014-3483
CVE-2014-7818
CVE-2014-7819
- Revision 6220de6d by Kaarle Ritvanen on 2014-12-10T01:07:22Z:
main/ruby-redmine-rails: upgrade to 3.2.21
fixes #2805
fixes #2808
fixes #2942
fixes #3151
fixes #3580
fixes #3584
CVE-2013-4389
CVE-2013-6414
CVE-2013-6415
CVE-2013-6417
CVE-2014-0081
CVE-2014-0082
CVE-2014-0130
CVE-2014-3482
CVE-2014-3483
CVE-2014-7818
CVE-2014-7819