Candidate: CVE-2013-3221
PublicDate: 2013-04-22 03:27:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3221
 https://groups.google.com/group/rubyonrails-security/msg/1f3bc0b88a60c1ce?dmode=source&output=gplain
 http://www.phenoelit.org/blog/archives/2013/02/index.html
 http://pl.reddit.com/r/netsec/comments/17yajp/mysql_madness_and_rails/
 http://openwall.com/lists/oss-security/2013/02/06/7
Description:
 The Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and 3.2.x
 does not ensure that the declared data type of a database column is used
 during comparisons of input values to stored values in that column, which
 makes it easier for remote attackers to conduct data-type injection attacks
 against Ruby on Rails applications via a crafted value, as demonstrated by
 unintended interaction between the "typed XML" feature and a MySQL database.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_ruby-activerecord-2.3:
upstream_ruby-activerecord-2.3: needs-triage
hardy_ruby-activerecord-2.3: DNE
lucid_ruby-activerecord-2.3: DNE
oneiric_ruby-activerecord-2.3: ignored (reached end-of-life)
precise_ruby-activerecord-2.3: ignored (reached end-of-life)
precise/esm_ruby-activerecord-2.3: DNE (precise was needs-triage)
quantal_ruby-activerecord-2.3: ignored (reached end-of-life)
raring_ruby-activerecord-2.3: ignored (reached end-of-life)
saucy_ruby-activerecord-2.3: ignored (reached end-of-life)
trusty_ruby-activerecord-2.3: DNE
trusty/esm_ruby-activerecord-2.3: DNE
utopic_ruby-activerecord-2.3: DNE
vivid_ruby-activerecord-2.3: DNE
vivid/stable-phone-overlay_ruby-activerecord-2.3: DNE
vivid/ubuntu-core_ruby-activerecord-2.3: DNE
wily_ruby-activerecord-2.3: DNE
xenial_ruby-activerecord-2.3: DNE
yakkety_ruby-activerecord-2.3: DNE
zesty_ruby-activerecord-2.3: DNE
artful_ruby-activerecord-2.3: DNE
bionic_ruby-activerecord-2.3: DNE
cosmic_ruby-activerecord-2.3: DNE
disco_ruby-activerecord-2.3: DNE
devel_ruby-activerecord-2.3: DNE

Patches_ruby-activerecord-3.2:
upstream_ruby-activerecord-3.2: needs-triage
hardy_ruby-activerecord-3.2: DNE
lucid_ruby-activerecord-3.2: DNE
oneiric_ruby-activerecord-3.2: DNE
precise_ruby-activerecord-3.2: DNE
precise/esm_ruby-activerecord-3.2: DNE
quantal_ruby-activerecord-3.2: ignored (reached end-of-life)
raring_ruby-activerecord-3.2: ignored (reached end-of-life)
saucy_ruby-activerecord-3.2: ignored (reached end-of-life)
trusty_ruby-activerecord-3.2: ignored (reached end-of-life)
trusty/esm_ruby-activerecord-3.2: DNE (trusty was needs-triage)
utopic_ruby-activerecord-3.2: DNE
vivid_ruby-activerecord-3.2: DNE
vivid/stable-phone-overlay_ruby-activerecord-3.2: DNE
vivid/ubuntu-core_ruby-activerecord-3.2: DNE
wily_ruby-activerecord-3.2: DNE
xenial_ruby-activerecord-3.2: DNE
yakkety_ruby-activerecord-3.2: DNE
zesty_ruby-activerecord-3.2: DNE
artful_ruby-activerecord-3.2: DNE
bionic_ruby-activerecord-3.2: DNE
cosmic_ruby-activerecord-3.2: DNE
disco_ruby-activerecord-3.2: DNE
devel_ruby-activerecord-3.2: DNE