Multiple Vulnerabilities in ruby-actionpack < 2.3.13 may remote code execution
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2931
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3186
Solution
- Upgrade to 2.3.13
- Patches:
https://github.com/rails/rails/commit/586a944ddd4d03e66dea1093306147594748037a
https://github.com/rails/rails/commit/11dafeaa7533be26441a63618be93a03869c83a9
(from redmine: issue id 978, created on 2012-01-31, closed on 2012-02-01)
- Changesets:
- Revision b26e3b6e by Natanael Copa on 2012-01-31T16:00:01Z:
main/ruby-actionpack: security upgrade to 2.3.14 (CVE-2011-2931, CVE-2011-3186)
fixes #978