Candidate: CVE-2014-0080
PublicDate: 2014-02-20 15:27:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0080
 https://groups.google.com/forum/message/raw?msg=rubyonrails-security/Wu96YkTUR6s/pPLBMZrlwvYJ
 http://openwall.com/lists/oss-security/2014/02/18/9
Description:
 SQL injection vulnerability in
 activerecord/lib/active_record/connection_adapters/postgresql/cast.rb in
 Active Record in Ruby on Rails 4.0.x before 4.0.3, and 4.1.0.beta1, when
 PostgreSQL is used, allows remote attackers to execute "add data" SQL
 commands via vectors involving \ (backslash) characters that are not
 properly handled in operations on array columns.
Ubuntu-Description:
Notes:
 mdeslaur> in Oneiric+, rails package is just for transition
Bugs:
Priority: medium
Discovered-by: Godfrey Chan
Assigned-to:
CVSS:

Patches_rails:
upstream_rails: released (4.0.3)
lucid_rails: not-affected
precise_rails: not-affected (contains no code)
precise/esm_rails: DNE (precise was not-affected [contains no code])
quantal_rails: not-affected (contains no code)
saucy_rails: not-affected (contains no code)
trusty_rails: not-affected (contains no code)
trusty/esm_rails: DNE (trusty was not-affected [contains no code])
utopic_rails: not-affected (contains no code)
vivid_rails: not-affected (contains no code)
vivid/stable-phone-overlay_rails: DNE
vivid/ubuntu-core_rails: DNE
wily_rails: not-affected (contains no code)
xenial_rails: not-affected (contains no code)
yakkety_rails: not-affected (contains no code)
zesty_rails: not-affected (contains no code)
artful_rails: not-affected (contains no code)
bionic_rails: not-affected (contains no code)
cosmic_rails: not-affected (contains no code)
disco_rails: not-affected (contains no code)
devel_rails: not-affected (contains no code)

Patches_ruby-rails-2.3:
upstream_ruby-rails-2.3: ignored (reached end-of-life)
lucid_ruby-rails-2.3: DNE
precise_ruby-rails-2.3: not-affected
precise/esm_ruby-rails-2.3: DNE (precise was not-affected)
quantal_ruby-rails-2.3: not-affected
saucy_ruby-rails-2.3: not-affected
trusty_ruby-rails-2.3: DNE
trusty/esm_ruby-rails-2.3: DNE
utopic_ruby-rails-2.3: DNE
vivid_ruby-rails-2.3: DNE
vivid/stable-phone-overlay_ruby-rails-2.3: DNE
vivid/ubuntu-core_ruby-rails-2.3: DNE
wily_ruby-rails-2.3: DNE
xenial_ruby-rails-2.3: DNE
yakkety_ruby-rails-2.3: DNE
zesty_ruby-rails-2.3: DNE
artful_ruby-rails-2.3: DNE
bionic_ruby-rails-2.3: DNE
cosmic_ruby-rails-2.3: DNE
disco_ruby-rails-2.3: DNE
devel_ruby-rails-2.3: DNE

Patches_ruby-activerecord-2.3:
upstream_ruby-activerecord-2.3: ignored (reached end-of-life)
lucid_ruby-activerecord-2.3: DNE
precise_ruby-activerecord-2.3: not-affected
precise/esm_ruby-activerecord-2.3: DNE (precise was not-affected)
quantal_ruby-activerecord-2.3: not-affected
saucy_ruby-activerecord-2.3: not-affected
trusty_ruby-activerecord-2.3: DNE
trusty/esm_ruby-activerecord-2.3: DNE
utopic_ruby-activerecord-2.3: DNE
vivid_ruby-activerecord-2.3: DNE
vivid/stable-phone-overlay_ruby-activerecord-2.3: DNE
vivid/ubuntu-core_ruby-activerecord-2.3: DNE
wily_ruby-activerecord-2.3: DNE
xenial_ruby-activerecord-2.3: DNE
yakkety_ruby-activerecord-2.3: DNE
zesty_ruby-activerecord-2.3: DNE
artful_ruby-activerecord-2.3: DNE
bionic_ruby-activerecord-2.3: DNE
cosmic_ruby-activerecord-2.3: DNE
disco_ruby-activerecord-2.3: DNE
devel_ruby-activerecord-2.3: DNE

Patches_ruby-rails-3.2:
upstream_ruby-rails-3.2: not-affected
lucid_ruby-rails-3.2: DNE
precise_ruby-rails-3.2: DNE
precise/esm_ruby-rails-3.2: DNE
quantal_ruby-rails-3.2: not-affected
saucy_ruby-rails-3.2: not-affected
trusty_ruby-rails-3.2: not-affected
trusty/esm_ruby-rails-3.2: DNE (trusty was not-affected)
utopic_ruby-rails-3.2: DNE
vivid_ruby-rails-3.2: DNE
vivid/stable-phone-overlay_ruby-rails-3.2: DNE
vivid/ubuntu-core_ruby-rails-3.2: DNE
wily_ruby-rails-3.2: DNE
xenial_ruby-rails-3.2: DNE
yakkety_ruby-rails-3.2: DNE
zesty_ruby-rails-3.2: DNE
artful_ruby-rails-3.2: DNE
bionic_ruby-rails-3.2: DNE
cosmic_ruby-rails-3.2: DNE
disco_ruby-rails-3.2: DNE
devel_ruby-rails-3.2: DNE

Patches_ruby-activerecord-3.2:
upstream_ruby-activerecord-3.2: not-affected
lucid_ruby-activerecord-3.2: DNE
precise_ruby-activerecord-3.2: DNE
precise/esm_ruby-activerecord-3.2: DNE
quantal_ruby-activerecord-3.2: not-affected
saucy_ruby-activerecord-3.2: not-affected
trusty_ruby-activerecord-3.2: not-affected
trusty/esm_ruby-activerecord-3.2: DNE (trusty was not-affected)
utopic_ruby-activerecord-3.2: DNE
vivid_ruby-activerecord-3.2: DNE
vivid/stable-phone-overlay_ruby-activerecord-3.2: DNE
vivid/ubuntu-core_ruby-activerecord-3.2: DNE
wily_ruby-activerecord-3.2: DNE
xenial_ruby-activerecord-3.2: DNE
yakkety_ruby-activerecord-3.2: DNE
zesty_ruby-activerecord-3.2: DNE
artful_ruby-activerecord-3.2: DNE
bionic_ruby-activerecord-3.2: DNE
cosmic_ruby-activerecord-3.2: DNE
disco_ruby-activerecord-3.2: DNE
devel_ruby-activerecord-3.2: DNE

Patches_rails-4.0:
upstream_rails-4.0: released (4.0.3)
lucid_rails-4.0: DNE
precise_rails-4.0: DNE
precise/esm_rails-4.0: DNE
quantal_rails-4.0: DNE
saucy_rails-4.0: DNE
trusty_rails-4.0: ignored (reached end-of-life)
trusty/esm_rails-4.0: DNE (trusty was needed)
utopic_rails-4.0: ignored (reached end-of-life)
vivid_rails-4.0: DNE
vivid/stable-phone-overlay_rails-4.0: DNE
vivid/ubuntu-core_rails-4.0: DNE
wily_rails-4.0: DNE
xenial_rails-4.0: DNE
yakkety_rails-4.0: DNE
zesty_rails-4.0: DNE
artful_rails-4.0: DNE
bionic_rails-4.0: DNE
cosmic_rails-4.0: DNE
disco_rails-4.0: DNE
devel_rails-4.0: DNE