[EPEL-devel] Rails stack update in EL5

Michael Stahnke stahnma at puppetlabs.com
Thu Oct 23 05:07:45 UTC 2014 

On Wed, Oct 22, 2014 at 10:14 AM, Michael Stahnke <stahnma at puppetlabs.com>
wrote:

> After a very long period of neglect, (sorry), I worked on updating the
> rails stack in EPEL5 to 2.3.18. This includes activesupport, activerecord
> and actionpack thus far. Rails still to come.
>
> Moving from 2.1.x to 2.3.x *should* be a clean upgrade, but I know in some
> cases it's not, as some security fixes required minor behavioral changes.
>
> I'd appreciate karma and feedback here if anybody is still using this old
> stack on EPEL5.
>
>
>
> https://admin.fedoraproject.org/updates/rubygem-actionpack-2.3.18-1.el5,rubygem-activerecord-2.3.18-1.el5,rubygem-activesupport-2.3.18-1.el5?_csrf_token=11f945c29f20072b1ae91f5b343b10334ab92758
>
> The bugs and CVEs addressed are plentiful.
>
>    - Bug 1095122 - CVE-2014-0130
>    - Bug 1095125 - CVE-2014-0130
>    - Bug 677626 - CVE-2011-0446
>    - Bug 677629 - CVE-2011-0446, CVE-2011-0447
>    - Bug 677631 - CVE-2011-0447
>    - Bug 731435 - CVE-2011-2932
>    - Bug 731438 - CVE-2011-2930
>    - Bug 731450 - CVE-2011-2932
>    - Bug 731453 - CVE-2011-2930
>    - Bug 744706 - CVE-2010-3933
>    - Bug 831583 - CVE-2012-2695
>    - Bug 843924 - CVE-2012-3424
>    - Bug 847202 - CVE-2013-0156
>    - Bug 891468 - CVE-2012-5664
>    - Bug 905373 - CVE-2013-0333
>    - Bug 921329 - CVE-2013-1854
>    - Bug 924297 - CVE-2013-1855, CVE-2013-1857
>    - Bug 924318 - CVE-2013-1854
>    - Bug 948706 - CVE-2013-0276
>
>
https://admin.fedoraproject.org/updates/rubygem-rails-2.3.18-1.el5,rubygem-actionmailer-2.3.18-1.el5,rubygem-activeresource-2.3.18-1.el5?_csrf_token=2d38be86ac50ac79b7baa258fde12a02b58bf46d
is the update I made tonight that contains rails, activeresource and
actionmailer.

Hopefully these updates all go through and we have a more secure rails
stack in epel5.

Karma appreciated.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/epel-devel/attachments/20141022/e6c70be4/attachment.html>

More information about the epel-devel mailing list