Next | Query returned 2 messages, browsing 1 to 10 | previous

History of commit frequency

CVS Commit History:


   2012-08-20 10:19:37 by Steven Drake | Files touched by this commit (9) | Package updated
Log message:
Pullup ticket #3902 - requested by taca
Ruby on Rails 3.1.8 security update

Revisions pulled up:
- databases/ruby-activerecord31/distinfo                        1.6
- devel/ruby-activemodel31/distinfo                             1.6
- devel/ruby-activesupport31/distinfo                           1.7
- devel/ruby-railties31/distinfo                                1.6
- lang/ruby/rails.mk                                            1.29
- mail/ruby-actionmailer31/distinfo                             1.6
- www/ruby-actionpack31/distinfo                                1.7
- www/ruby-activeresource31/distinfo                            1.6
- www/ruby-rails31/distinfo                                     1.6

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Sun Aug 12 10:32:52 UTC 2012

   Modified Files:
   	pkgsrc/lang/ruby: rails.mk

   Log message:
   Start Ruby on Rails 3.1.8.

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Sun Aug 12 10:33:18 UTC 2012

   Modified Files:
   	pkgsrc/devel/ruby-activesupport31: distinfo

   Log message:
   Update ruby-activesupport31 to 3.1.8.

   ## Rails 3.1.8 (Aug 9, 2012)

   *   No changes.

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Sun Aug 12 10:33:48 UTC 2012

   Modified Files:
   	pkgsrc/devel/ruby-activemodel31: distinfo

   Log message:
   Update ruby-activemodel31 to 3.1.8.

   ## Rails 3.1.8 (Aug 9, 2012)

   *   No changes.

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Sun Aug 12 10:34:38 UTC 2012

   Modified Files:
   	pkgsrc/www/ruby-actionpack31: distinfo

   Log message:
   Update ruby-actionpack31 to 3.1.8.

   ## Rails 3.1.8 (Aug 9, 2012)

   * There is an XSS vulnerability in the strip_tags helper in Ruby on Rails, the
     helper doesn't correctly handle malformed html.  As a result an attacker can
     execute arbitrary javascript through the use of specially crafted malformed
     html.

     *Marek from Nethemba (www.nethemba.com) & Santiago Pastorino*

   * When a "prompt" value is supplied to the `select_tag` helper, the
     "prompt" value is not escaped.
     If untrusted data is not escaped, and is supplied as the prompt value,
     there is a potential for XSS attacks.
     Vulnerable code will look something like this:
       select_tag("name", options, :prompt => UNTRUSTED_INPUT)

     *Santiago Pastorino*

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Sun Aug 12 10:35:20 UTC 2012

   Modified Files:
   	pkgsrc/databases/ruby-activerecord31: distinfo

   Log message:
   Update ruby-activerecord31 to 3.1.8.

   ## Rails 3.1.8 (Aug 9, 2012)

   *   No changes.

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Sun Aug 12 10:36:35 UTC 2012

   Modified Files:
   	pkgsrc/www/ruby-activeresource31: distinfo

   Log message:
   Update ruby-activeresource31 to 3.1.8.

   ## Rails 3.1.8 (Aug 9, 2012)

   *   No changes.

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Sun Aug 12 10:37:22 UTC 2012

   Modified Files:
   	pkgsrc/mail/ruby-actionmailer31: distinfo

   Log message:
   Update ruby-actionmailer31 to 3.1.8.

   ## Rails 3.1.8 (Aug 9, 2012)

   *   No changes.

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Sun Aug 12 10:37:52 UTC 2012

   Modified Files:
   	pkgsrc/devel/ruby-railties31: distinfo

   Log message:
   Update ruby-railties31 to 3.1.8.

   ## Rails 3.1.8 (Aug 9, 2012)

   *   No changes.

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Sun Aug 12 10:38:45 UTC 2012

   Modified Files:
   	pkgsrc/www/ruby-rails31: distinfo

   Log message:
   Update ruby-rails31 to 3.1.8.

   This is a meta-like package and no changes.
   2012-08-12 16:26:15 by Matthias Scheler | Files touched by this commit (9) | Package updated
Log message:
Pullup ticket #3895 - requested by taca
databases/ruby-activerecord31: security update
devel/ruby-activemodel31: security update
devel/ruby-activesupport31: security update
devel/ruby-railties31: security update
mail/ruby-actionmailer31: security update
www/ruby-actionpack31: security update
www/ruby-activeresource31: security update
www/ruby-rails31: security update

Revisions pulled up:
- databases/ruby-activerecord31/distinfo                        1.5
- devel/ruby-activemodel31/distinfo                             1.5
- devel/ruby-activesupport31/distinfo                           1.6
- devel/ruby-railties31/distinfo                                1.5
- lang/ruby/rails.mk                                            1.26
- mail/ruby-actionmailer31/distinfo                             1.5
- www/ruby-actionpack31/distinfo                                1.6
- www/ruby-activeresource31/distinfo                            1.5
- www/ruby-rails31/distinfo                                     1.5

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Tue Jul 31 12:34:39 UTC 2012

   Modified Files:
   	pkgsrc/lang/ruby: rails.mk

   Log message:
   Start update of Ruby on Rails 3.1.7.

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Tue Jul 31 12:35:07 UTC 2012

   Modified Files:
   	pkgsrc/devel/ruby-activesupport31: distinfo

   Log message:
   Update ruby-activesupport31 to 3.1.7.

   ## Rails 3.1.7 (Jul 26, 2012)

   *   No changes.

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Tue Jul 31 12:35:47 UTC 2012

   Modified Files:
   	pkgsrc/devel/ruby-activemodel31: distinfo

   Log message:
   Update ruby-activemodel31 to 3.1.7.

   ## Rails 3.1.7 (Jul 26, 2012)

   *   No changes.

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Tue Jul 31 12:36:18 UTC 2012

   Modified Files:
   	pkgsrc/www/ruby-activeresource31: distinfo

   Log message:
   Update ruby-activeresource31 to 3.1.7.

   ## Rails 3.1.7 (Jul 26, 2012)

   *   No changes.

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Tue Jul 31 12:36:59 UTC 2012

   Modified Files:
   	pkgsrc/databases/ruby-activerecord31: distinfo

   Log message:
   Update ruby-activerecord31 to 3.1.7.

   ## Rails 3.1.7 (Jul 26, 2012)

   *   No changes.

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Tue Jul 31 12:38:13 UTC 2012

   Modified Files:
   	pkgsrc/www/ruby-actionpack31: distinfo

   Log message:
   Update ruby-actionpack31 to 3.1.7.

   ## Rails 3.1.7 (Jul 26, 2012)

   * Do not convert digest auth strings to symbols. CVE-2012-3424

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Tue Jul 31 12:38:47 UTC 2012

   Modified Files:
   	pkgsrc/mail/ruby-actionmailer31: distinfo

   Log message:
   Update ruby-actionmailer31 to 3.1.7.

   ## Rails 3.1.7 (Jul 26, 2012)

   *   No changes.

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Tue Jul 31 12:39:16 UTC 2012

   Modified Files:
   	pkgsrc/devel/ruby-railties31: distinfo

   Log message:
   Update ruby-railties31 to 3.1.7.

   ## Rails 3.1.7 (Jul 26, 2012)

   *   No changes.

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Tue Jul 31 12:41:23 UTC 2012

   Modified Files:
   	pkgsrc/www/ruby-rails31: distinfo

   Log message:
   Update Update ruby-rails31 to 3.1.17.

   This is a meta-like package and no changes.

Next | Query returned 2 messages, browsing 1 to 10 | previous