Author: joeyh
Date: 2011-09-07 09:14:18 +0000 (Wed, 07 Sep 2011)
New Revision: 17180
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2011-09-06 23:12:04 UTC (rev 17179)
+++ data/CVE/list 2011-09-07 09:14:18 UTC (rev 17180)
@@ -458,6 +458,7 @@
CVE-2011-3187 (The to_s method in ...)
TODO: check
CVE-2011-3186 (CRLF injection vulnerability in ...)
+ {DSA-2301-1}
- rails 2.3.14
CVE-2011-3185 (gtkutils.c in Pidgin before 2.10.0 on Windows allows
user-assisted ...)
- pidgin <not-affected> (Windows-specific)
@@ -1115,8 +1116,10 @@
CVE-2011-2932 (Cross-site scripting (XSS) vulnerability in ...)
TODO: check
CVE-2011-2931 (Cross-site scripting (XSS) vulnerability in the strip_tags
helper in ...)
+ {DSA-2301-1}
- rails 2.3.14
CVE-2011-2930 (Multiple SQL injection vulnerabilities in the quote_table_name
method ...)
+ {DSA-2301-1}
- rails 2.3.14
CVE-2011-2929 (The template selection functionality in ...)
TODO: check
@@ -24181,7 +24184,7 @@
- mysql-dfsg-5.1 <unfixed> (low; bug #569484)
- mysql-dfsg-5.0 <not-affected> (Vulnerable code not present)
CVE-2009-4214 (Cross-site scripting (XSS) vulnerability in the strip_tags
function in ...)
- {DSA-2260-1}
+ {DSA-2301-1 DSA-2260-1}
- rails 2.2.3-2 (low; bug #558685)
NOTE:
http://groups.google.com/group/rubyonrails-security/browse_thread/thread/4d4f71f2aef4c0ab?pli=1
CVE-2008-7248 (Ruby on Rails 2.1 before 2.1.3 and 2.2.x before 2.2.2 does not
verify ...)