Package: rails Severity: grave Tags: security Justification: user security hole
Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for rails. CVE-2008-4094[0]: | Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 | allow remote attackers to execute arbitrary SQL commands via the (1) | :limit and (2) :offset parameters, related to ActiveRecord, | ActiveSupport, ActiveResource, ActionPack, and ActionMailer. If you fix the vulnerability please also make sure to include the CVE id in your changelog entry. Cheers Steffen For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4094 http://security-tracker.debian.net/tracker/CVE-2008-4094 _______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team
