drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Cross-Site Scripting in rubygem-actionpack
Name: |
Cross-Site Scripting in rubygem-actionpack |
|
ID: |
FEDORA-2012-0626 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 15 |
|
Datum: |
Do, 26. Januar 2012, 08:37 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4319 |
|
Applikationen: |
Action Pack |
|
Originalnachricht |
Name : rubygem-actionpack Product : Fedora 15 Version : 3.0.5 Release : 5.fc15 URL : http://www.rubyonrails.org Summary : Web-flow and rendering framework putting the VC in MVC Description : Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser.
------------------------------------------------------------------------------- - Update Information:
A cross-site scripting (XSS) flaw was found in the way the 'translate' helper method of the Ruby on Rails performed HTML escaping of interpolated user input, when interpolation in combination with HTML-safe translations were used. This release fixes the bug. ------------------------------------------------------------------------------- - ChangeLog:
* Tue Jan 17 2012 Bohuslav Kabrda <bkabrda@redhat.com> - 1:3.0.5-5 - Security fix for XSS flaw, RHBZ #755007 (CVE-2011-4319) - Patch for tests failing with Ruby-1.8.7.p357. * Mon Aug 22 2011 Mo Morsi <mmorsi@redhat.com> - 1:3.0.5-4 - Include fixes for BZ#731432 and BZ#731436 * Thu Jun 16 2011 Mo Morsi <mmorsi@redhat.com> - 1:3.0.5-3 - Include fix for CVE-2011-2197 ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #755007 - rubygem-actionpack: XSS in the 'translate' helper method [fedora-15] https://bugzilla.redhat.com/show_bug.cgi?id=755007 ------------------------------------------------------------------------------- -
This update can be installed with the "yum" update program. Use su -c 'yum update rubygem-actionpack' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce
|
|
|
|