OVAL Reference oval:com.ubuntu.precise:def:20122661000

Oval Definition:

oval:com.ubuntu.precise:def:20122661000

Revision Date:	2012-06-22	Version:	1
Title:	CVE-2012-2661 on Ubuntu 12.04 LTS (precise) - medium.
Description:	The Active Record component in Ruby on Rails 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query parameters that leverage unintended recursion, a related issue to CVE-2012-2695.
Family:	unix	Class:	vulnerability
Status:		Reference(s):	CVE-2012-2661
Platform(s):	Ubuntu 12.04 LTS	Product(s):
Definition Synopsis
Ubuntu 12.04 LTS (precise) is installed. AND Package Information NOT While related to the CVE in some way, the 'rails' package in precise is not affected (note: 'contains no code'). OR NOT While related to the CVE in some way, the 'ruby-rails-2.3' package in precise is not affected.