Re: Extremely critical Ruby on Rails bug

From: Hagedon, Mike <hagedonm_at_nyob>
Date: Wed, 9 Jan 2013 17:09:36 +0000
To: CODE4LIB_at_LISTSERV.ND.EDU

That appears to be a different issue. The Phusion post is talking about CVE-2012-5664, but this new one is CVE-2013-0156.

Still, lots of trouble.

Mike

-----Original Message-----
From: Code for Libraries [mailto:CODE4LIB_at_LISTSERV.ND.EDU] On Behalf Of Patrick Berry
Sent: Wednesday, January 09, 2013 10:06 AM
To: CODE4LIB_at_LISTSERV.ND.EDU
Subject: Re: [CODE4LIB] Extremely critical Ruby on Rails bug

The Phusion folks did a nice summary write up.

http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts/#.UOX7xfhdeHG


On Wed, Jan 9, 2013 at 6:27 AM, Ian Walls <iwalls_at_library.umass.edu> wrote:

> Folks,
>
> I know a lot of you are running Ruby on Rails for various projects;
> just wanted to be sure you saw this critical security issue with all
> versions of Rails:
>
> http://arstechnica.com/security/2013/01/extremely-crtical-ruby-on-rails-bug-threatens-more-than-200000-sites/
>
> In short, the following versions are safe: 3.2.11, 3.1.10, 3.0.19, or 2.3.15
>
> Cheers,
>
> -Ian Walls
> Web Services and Emerging Technologies Librarian
> UMass Amherst Libraries
>
Received on Wed Jan 09 2013 - 12:13:20 EST