pkgsrc-Changes archive


CVS commit: pkgsrc/databases/ruby-activerecord

Module Name:    pkgsrc
Committed By:   taca
Date:           Wed Aug 17 14:12:42 UTC 2011

Modified Files:
        pkgsrc/databases/ruby-activerecord: PLIST distinfo

Log Message:
Update ruby-activerecord package to 2.3.14.


Security fix:

The quote_table_name methods in the ActiveRecord adapters for Ruby on
Rails were initially created solely for the purpose of escaping
reserved words encountered in table names.  However over time 3rd
party libraries, and rails itself, grew to rely on those functions as
a way to sanitize potentially malicious user input.  As a result these
functions need to be hardened to manage malicious input rather than
assuming they're being passed benign values generated by rails itself.

To generate a diff of this commit:
cvs rdiff -u -r1.20 -r1.21 pkgsrc/databases/ruby-activerecord/PLIST
cvs rdiff -u -r1.22 -r1.23 pkgsrc/databases/ruby-activerecord/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
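
An illustration of the hardening described in the log message above, added to this archive page and not taken from the commit or from the ActiveRecord source. It assumes MySQL-style backtick identifier quoting; the function names and sample inputs are constructed for the example.

```ruby
# Added illustration, not ActiveRecord's code. Assumes backtick-quoted
# identifiers (MySQL style). All names and inputs here are constructed.

# Quoting written only to escape reserved words: it wraps the name and
# trusts that the content came from the framework itself.
def naive_quote_table_name(name)
  "`#{name}`"
end

# Hardened quoting: each dot-separated part is quoted on its own and any
# embedded backtick is doubled, so the content cannot close the quotes.
def hardened_quote_table_name(name)
  name.to_s.split(".", -1).map { |part| "`#{part.gsub('`', '``')}`" }.join(".")
end

# True when the string is exactly one quoted identifier, or several joined
# by dots, with every inner backtick doubled.
def well_formed_identifier?(quoted)
  quoted.match?(/\A`(?:[^`]|``)*`(?:\.`(?:[^`]|``)*`)*\z/)
end

# Constructed sample inputs: a reserved word, a qualified name, and a value
# containing the quote character itself.
SAMPLE_NAMES = ["order", "shop.users", "users`, `accounts"].freeze

# Returns [input, naive_ok, hardened_ok] for each name.
def audit(names)
  names.map do |n|
    [n,
     well_formed_identifier?(naive_quote_table_name(n)),
     well_formed_identifier?(hardened_quote_table_name(n))]
  end
end

audit(SAMPLE_NAMES).each do |name, naive_ok, hardened_ok|
  puts format("%-22s naive=%-5s hardened=%s", name.inspect, naive_ok, hardened_ok)
end
```

The third input is the case the log message is about: the naive form no longer yields a single identifier, while the hardened form keeps the whole value inside the quotes.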
