Subject: CVS commit: pkgsrc/databases/ruby-activerecord
From: Takahiro Kambe
Date: 2011-08-17 16:12:42
Message id: 20110817141242.7351C175DD@cvs.netbsd.org

Log Message:
Update ruby-activerecord package to 2.3.14.

2.3.14:

Security fix:

The quote_table_name method in the ActiveRecord adapters for Ruby on
Rails were initially created solely for the purpose of escaping
reserved words encountered in table names.  However over time 3rd
party libraries, and rails itself, grew to rely on those functions as
a way to sanitize potentially malicious user input.  As a result these
functions need to be hardened to manage malicious input rather than
assuming they're being passed benign values generated by rails itself.

Files:
Revision  Action  file
1.21      modify  pkgsrc/databases/ruby-activerecord/PLIST
1.23      modify  pkgsrc/databases/ruby-activerecord/distinfo