[SECURITY] Fedora 11 Update: rubygem-activerecord-2.3.2-2.fc11

updates at fedoraproject.org updates at fedoraproject.org
Wed Oct 14 01:55:34 UTC 2009


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-10484
2009-10-14 00:49:00
--------------------------------------------------------------------------------

Name        : rubygem-activerecord
Product     : Fedora 11
Version     : 2.3.2
Release     : 2.fc11
URL         : http://www.rubyonrails.org
Summary     : Implements the ActiveRecord pattern for ORM
Description :
Implements the ActiveRecord pattern (Fowler, PoEAA) for ORM. It ties database
tables and classes together for business objects, like Customer or
Subscription, that can find, save, and destroy themselves without resorting to
manual SQL.

--------------------------------------------------------------------------------
Update Information:

- Fixes CVE-2009-3009  - Downgrade to Rails 2.3.2 to avoid update issues for
existing applications
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct  7 2009 David Lutterkort <lutter at redhat.com> - 1:2.3.2-2
- Bump epoch; rails is not updatable across versions (bz 520843)
* Sun Sep 27 2009 Mamoru Tasaka <mtasaka at ioa.s.u-tokyo.ac.jp> - 2.3.3-2
- Force rebuild
* Sun Jul 26 2009 Jeroen van Meeuwen <j.van.meeuwen at ogd.nl> - 2.3.3-1
- New upstream version
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #520843 - CVE-2009-3009 ruby-activesupport: XSS vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=520843
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update rubygem-activerecord' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------




More information about the Fedora-package-announce mailing list