From 5c077abb0eac32f19161f1088f13c4b3569f856a 2013-01-20 11:48:54
From: Toshi MARUYAMA <marutosijp2@yahoo.co.jp>
Date: 2013-01-20 11:48:54
Subject: [PATCH] 1.4-stable: add a link to a mail posted on 14 Jan 2013 about Rails 2.3 CVE-2013-0155

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/branches/1.4-stable@11208 e93f8b46-1217-0410-a6f0-8f06a7374b81

---

diff --git a/config/initializers/10-patches.rb b/config/initializers/10-patches.rb
index 6643ca9..0dfc37c 100644
--- a/config/initializers/10-patches.rb
+++ b/config/initializers/10-patches.rb
@@ -117,7 +117,9 @@ module ActionController
 end
 
 # Fix for CVE-2013-0155
+# https://groups.google.com/d/msg/rubyonrails-security/c7jT-EeN9eI/L0u4e87zYGMJ
 # https://groups.google.com/d/msg/rubyonrails-security/kKGNeMrnmiY/r2yM7xy-G48J
+# https://github.com/rails/rails/blob/v2.3.15/activerecord/lib/active_record/base.rb#L2340
 module ActiveRecord
   class Base
     class << self