Add CVE-2011-1497/rails for an ancient issue

The versions affected for ruby-{active,action}*-X.Y packages are long gone in Debian, so do not go down these versions to track the fixed verion. src:rails OTOH was then never affected in Debian as the initial upload for Rails 4.0 contained the fix already.
author: Salvatore Bonaccorso <carnil@debian.org> 2021-10-19 22:29:27 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2021-10-19 22:29:27 +0200
commit: 44c914bbbbcc80284cfd72c14386cb0b9658fe10 (patch)
tree: c842d2968caafc9533581d22f60618c6c02ff8bd /data/CVE/2011.list
parent: 893ed4cd137ea0198d5ee91fa01db9a7609c672c (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/data/CVE/2011.list b/data/CVE/2011.list
index 9802171374..b42c970f06 100644
--- a/data/CVE/2011.list
+++ b/data/CVE/2011.list
@@ -10070,7 +10070,9 @@ CVE-2011-1498 (Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when
 	NOTE: http://seclists.org/oss-sec/2011/q2/188
 	NOTE: http://web.archive.org/web/20130102213624/http://www.apache.org/dist/httpcomponents/httpclient/RELEASE_NOTES-4.1.x.txt
 CVE-2011-1497 (A cross-site scripting vulnerability flaw was found in the auto_link f ...)
-	TODO: check
+	- rails <not-affected> (Fixed before initial release of rails 4.0 to Debian)
+	NOTE: https://www.openwall.com/lists/oss-security/2011/04/06/13
+	NOTE: https://github.com/rails/rails/commit/61ee3449674c591747db95f9b3472c5c3bd9e84d
 CVE-2011-1496 (tmux 1.3 and 1.4 does not properly drop group privileges, which allows ...)
 	{DSA-2212-1}
 	- tmux 1.4-6 (bug #620304)
author	Salvatore Bonaccorso <carnil@debian.org>	2021-10-19 22:29:27 +0200
committer	Salvatore Bonaccorso <carnil@debian.org>	2021-10-19 22:29:27 +0200
commit	44c914bbbbcc80284cfd72c14386cb0b9658fe10 (patch)
tree	c842d2968caafc9533581d22f60618c6c02ff8bd /data/CVE/2011.list
parent	893ed4cd137ea0198d5ee91fa01db9a7609c672c (diff)