Multiple Vulnerabilities in ruby-actionpack < 2.3.13 may remote code execution
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2931
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3186
Solution
- Upgrade to 2.3.13
- Patches:
https://github.com/rails/rails/commit/586a944ddd4d03e66dea1093306147594748037a
https://github.com/rails/rails/commit/11dafeaa7533be26441a63618be93a03869c83a9
(from redmine: issue id 979, created on 2012-01-31, closed on 2012-02-01)
- Changesets:
- Revision 269e7f25 by Natanael Copa on 2012-01-31T16:03:08Z:
main/ruby-actionpack: security upgrade to 2.3.14 (CVE-2011-2931, CVE-2011-3186)
fixes #979
(cherry picked from commit b26e3b6ec1ec742d6822d36fd791dfa309869e25)