CVE updates for previous security vulnerabilities

185 views

Skip to first unread message

Aaron Patterson

unread,

Aug 22, 2011, 6:29:43 PM8/22/11

to rubyonrail...@googlegroups.com

Hey everyone,

We got CVEs assigned for the last round of security vulnerabilities.
Here is the summary:

* Filter skipping: CVE-2011-2929
http://groups.google.com/group/rubyonrails-security/browse_thread/thread/3420ac71aed312d6

* SQL injection: CVE-2011-2930
http://groups.google.com/group/rubyonrails-security/browse_thread/thread/6a1e473744bc389b

* Parse error in strip_tags: CVE-2011-2931
http://groups.google.com/group/rubyonrails-security/browse_thread/thread/2b9130749b74ea12

* UTF-8 escaping vulnerability: CVE-2011-2931
http://groups.google.com/group/rubyonrails-security/browse_thread/thread/56bffb5923ab1195

* Response splitting: CVE-2011-3186
http://groups.google.com/group/rubyonrails-security/browse_thread/thread/6ffc93bde0298768

--
Aaron Patterson
http://tenderlovemaking.com/

Reply all

Reply to author

Forward

0 new messages

Search

Clear search

Close search

Google apps

Main menu