Fedora 30: FEDORA-2019-1cfe24db5c Critical: Active Record Code Execution

Implements the ActiveRecord pattern (Fowler, PoEAA) for ORM. It ties database

tables and classes together for business objects, like Customer or

Subscription, that can find, save, and destroy themselves without resorting to

manual SQL.

Update Ruby on Rails to 5.2.3. Fixes CVE-2019-5418 CVE-2019-5419 CVE-2019-5420.

* Thu Mar 28 2019 Pavel Valena - 1:5.2.3-1

- Update to Active Record 5.2.3.

* Thu Mar 14 2019 Pavel Valena - 1:5.2.2.1-1

- Update to Active Record 5.2.2.1.

[ 1 ] Bug #1689161 - CVE-2019-5418 CVE-2019-5419 rubygem-actionview: various flaws [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1689161

[ 2 ] Bug #1689155 - CVE-2019-5420 rubygem-rails: Weak secret token leading to possible code execution [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1689155

su -c 'dnf upgrade --advisory FEDORA-2019-1cfe24db5c' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/