Date: Sat, 13 Sep 2008 20:20:52 +0200 From: Robert Buchholz <rbu@...too.org> To: oss-security@...ts.openwall.com Subject: CVE request: Ruby on Rails <2.1.1 :limit and :offset SQL injection Hey, Ruby 2.1.1 has been released, fixing sanitation in the :limit and :offset parameters to SQL queries. References: http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1 http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter/ http://rails.lighthouseapp.com/projects/8994/tickets/288 http://rails.lighthouseapp.com/projects/8994/tickets/964 [ CONTENT OF TYPE application/pgp-signature SKIPPED ]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ