From the Red Hat Bugzilla entries [1, 2, 3]:
CVE-2012-3463: When a "prompt" value is supplied to the `select_tag` helper, the
"prompt" value is not escaped. If untrusted data is not escaped, and
is supplied as the prompt value, there is a potential for XSS attacks.
CVE-2012-3464: The HTML escaping code in Ruby on Rails does not escape all
potentially dangerous characters. In particular, the code does not
escape the single quote character. The helpers used in Rails itself
never use single quotes, so most applications are unlikely to be
vulnerable; however, all users running an affected release should still
upgrade.
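As an added illustration of the two escaping defects described above (not code from Rails or from the Red Hat entries), the following is a minimal HTML escaper alongside a `select_tag`-style helper that escapes its prompt; `FULL_ESCAPES`, `PARTIAL_ESCAPES`, `html_escape`, `select_tag` and `attribute_safe?` are names chosen here, and `PARTIAL_ESCAPES` models the pre-fix behaviour of leaving the single quote unescaped.

```ruby
# Added example, not Rails code. Escape tables for the five characters that
# can change meaning in HTML text or attribute values.
FULL_ESCAPES = {
  "&" => "&amp;", "<" => "&lt;", ">" => "&gt;", '"' => "&quot;", "'" => "&#39;"
}.freeze

# Models the pre-fix escaper described for CVE-2012-3464: single quote untouched.
PARTIAL_ESCAPES = FULL_ESCAPES.reject { |c, _| c == "'" }.freeze

# Replaces every dangerous character using the given table; characters the
# table does not cover (only "'" for PARTIAL_ESCAPES) pass through unchanged.
def html_escape(str, table = FULL_ESCAPES)
  str.to_s.gsub(/[&<>"']/) { |c| table.fetch(c, c) }
end

# A value is safe inside a quoted attribute only if the quote character that
# delimits the attribute cannot appear in the escaped output.
def attribute_safe?(value, quote, table = FULL_ESCAPES)
  !html_escape(value, table).include?(quote)
end

# select_tag-style helper: the prompt is escaped exactly like every other
# option label, which is the behaviour CVE-2012-3463 describes as missing.
def select_tag(name, options, prompt: nil)
  opts = []
  opts << %(<option value="">#{html_escape(prompt)}</option>) if prompt
  options.each do |label, value|
    opts << %(<option value="#{html_escape(value)}">#{html_escape(label)}</option>)
  end
  %(<select name="#{html_escape(name)}">#{opts.join}</select>)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample input: a prompt containing markup and an apostrophe.
  puts select_tag("color", [["Red", "r"]], prompt: "<pick one>")
  puts "single-quoted attribute safe with full escaping:    #{attribute_safe?("it's", "'")}"
  puts "single-quoted attribute safe with partial escaping: #{attribute_safe?("it's", "'", PARTIAL_ESCAPES)}"
end
```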
CVE-2012-3465: There is an XSS vulnerability in the strip_tags helper in Ruby on
Rails; the helper doesn't correctly handle malformed HTML. As a
result, an attacker can execute arbitrary JavaScript through the use of
specially crafted malformed HTML. All users who rely on strip_tags
for XSS protection should upgrade or use the workaround immediately.