Name: | ruby193-rubygem-actionpack |
---|---|
Epoch: | 1 |
Version: | 3.2.8 |
Release: | 13.el7 |
Architecture: | noarch |
Group: | Development/Languages |
Size: | 1102973 |
License: | MIT |
RPM: | ruby193-rubygem-actionpack-3.2.8-13.el7.noarch.rpm |
Source RPM: | ruby193-rubygem-actionpack-3.2.8-13.el7.src.rpm |
Build Date: | Mon Jun 01 2015 |
Build Host: | x86-ol7-builder-03.us.oracle.com |
Vendor: | Oracle America |
URL: | http://www.rubyonrails.org |
Summary: | Web-flow and rendering framework putting the VC in MVC |
Description: | Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser. |
- Fixes for CVE-2014-0130 - Resolves: rhbz#1096086
- Fix for CVE-2014-0082 - Resolves: rhbz#1065891
- Fix for CVE-2014-0081 - Resolves: rhbz#1065891
- Depend on scldevel(v8) virtual provide - Resolves: rhbz#1065887
- Fix regression introduced by CVE-2013-6415. - Resolves: rhbz#1038194
- Fix i18n missing translation XSS. * rubygem-actionpack-3.2.16-CVE-2013-4491-Stop-using-i18ns-built-in-HTML-error-handling.patch - Resolves: CVE-2013-4491 - Fix Action View DoS. * rubygem-actionpack-3.2.16-CVE-2013-6414-Only-use-valid-mime-type-symbols-as-cache-keys.patch - Resolves: CVE-2013-6414 - Fix number_to_currency XSS. * rubygem-actionpack-3.2.16-CVE-2013-6415-Escape-the-unit-value-provided-to-number_to_currency.patch - Resolves: CVE-2013-6415 - Fix unsafe query generation risk in Ruby on Rails (incomplete fix for CVE-2013-0155) (CVE-2013-6417). * rubygem-actionpack-3.2.16-CVE-2013-6417-Deep-Munge-the-parameters-for-GET-and-POST.patch - Resolves: CVE-2013-6417
- Build against v8314 SCL.
- Updated patch for CVE-2013-1857 by upstream.
- Fix for CVE-2013-1855 and CVE-2013-1857.
- Fix for CVE-2013-0155.