Create an account

Subscribe to LWN

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

Weekly edition	Kernel	Security	Distributions	Contact Us	Search
Archives	Calendar	Subscribe	Write for LWN	LWN.net FAQ	Sponsors

rubygem-activerecord: SQL injection

Package(s):

rubygem-activerecord

CVE #(s):

CVE-2012-2661

Created:

June 15, 2012

Updated:

June 20, 2012

Description:

From the Fedora advisory:

Bug #827363 - CVE-2012-2661 rubygem-activerecord: SQL injection when processing nested query paramaters

https://bugzilla.redhat.com/show_bug.cgi?id=827363

Alerts:

Fedora	FEDORA-2012-8972	2012-06-15
Fedora	FEDORA-2012-8982	2012-06-15
Fedora	FEDORA-2012-8901	2012-06-15
SUSE	SUSE-SU-2012:1012-1	2012-08-21
SUSE	SUSE-SU-2012:1014-1	2012-08-21
openSUSE	openSUSE-SU-2012:1066-1	2012-08-30
Red Hat	RHSA-2013:0582-01	2013-02-28

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds