Apply Rails security patch on production system

Avg Bid (EUR)
Project Budget (EUR)
€30 - €250

Project Description:
My customer's site is running following versions

$ rails -v
Rails 2.3.5
$ ruby -v
ruby 1.8.6 (2010-02-05 patchlevel 399) [x86_64-linux]

This project consists of following steps
1. backup current version
2. applying the security patches referenced on
3. in case it fails solve the problems

This site is in production but there is no problem that is down for 1 hour or so.

Additional Project Description:
01/11/2013 at 0:15 CET
The backup is no longer needed, I did that one already myself to be on the safe side ;-)

So the only thing left to do is to find the correct patch to be applied on rails 2.3.5 and execute the patch.
Kindly also provide in your answer how you will show to me the patch worked. E.g. by sending me the log of the patch that was executed so I can see the files that were adapted.

Some people wondered what kind of site it was, so I give some more explanation here for all to see
1. Most important part is a catalog of plants that are grouped in categories. Each plant has a detailed page with 1 or several pictures that can be clicked to be shown on full size.
2. There is an edit function so the admin can adapt the description, type of flower, type of leave etc
3. End users can see a list of prices and decide to order one or more plants. They build up their shopping cart and when submitting it, they enter their address info. No user data is kept or no login is done.
4. There are some primitive settings pages to maintain lists of zipcodes, transport costs (depends on the distance)

All in all not a very complex application, the mysql database only has 14 tables.

01/11/2013 at 0:17 CET
By the way, I have access to the server. I use putty to get to the command line.

In case of questions, don't hesitate to ask.

Skills required:
Ruby on Rails
About the employer:
Public Clarification Board
Bids are hidden by the project creator. Log in as the employer to view bids or to bid on this project.
You will not be able to bid on this project if you are not qualified in one of the job categories. To see your qualifications click here.