info updated with rails information

Author: jvazquez-r7

modules/auxiliary/admin/http/rails_devise_pass_reset.rb

@@ -26,7 +26,10 @@ def initialize(info = {})
 					but these may require adjustment for implementations which customize them.
 
 					Affects Devise < v2.2.3, 2.1.3, 2.0.5 and 1.5.4 when backed by any database
-					except PostgreSQL or SQLite3. Tested with v2.2.2, 2.1.2, and 2.0.4.
+					except PostgreSQL or SQLite3. Tested with v2.2.2, 2.1.2, and 2.0.4 on Rails
+					3.2.11. Patch applied to Rails 3.2.12 should prevent exploitation of this
+					vulnerability, by quoting numeric values when comparing them with non numeric
+					values.
 				},
 			'Author'        =>
 				[
@@ -40,7 +43,8 @@ def initialize(info = {})
 					[ 'OSVDB', '89642' ],
 					[ 'BID', '57577' ],
 					[ 'URL', 'http://blog.plataformatec.com.br/2013/01/security-announcement-devise-v2-2-3-v2-1-3-v2-0-5-and-v1-5-3-released/'],
-					[ 'URL', 'http://www.phenoelit.org/blog/archives/2013/02/05/mysql_madness_and_rails/index.html']
+					[ 'URL', 'http://www.phenoelit.org/blog/archives/2013/02/05/mysql_madness_and_rails/index.html'],
+					[ 'URL', 'https://github.com/rails/rails/commit/921a296a3390192a71abeec6d9a035cc6d1865c8' ]
 				],
 			'DisclosureDate' => 'Jan 28 2013'
 		))