Debian Security Advisory
DSA-2609-1 rails -- SQL query manipulation
- Date Reported:
- 16 Jan 2013
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2013-0155.
- More information:
An interpretation conflict can cause the Active Record component of Rails, a web framework for the Ruby programming language, to truncate queries in unexpected ways. This may allow attackers to elevate their privileges.
For the stable distribution (squeeze), this problem has been fixed in version 2.3.5-1.2+squeeze5.
We recommend that you upgrade your rails packages.