Login
Newsletter
Werbung

Sicherheit: Cross-Site Scripting in rubygem-actionpack
Aktuelle Meldungen Distributionen
Name: Cross-Site Scripting in rubygem-actionpack
ID: FEDORA-2012-0626
Distribution: Fedora
Plattformen: Fedora 15
Datum: Do, 26. Januar 2012, 08:37
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4319
Applikationen: rubygem-actionpack

Originalnachricht

Name        : rubygem-actionpack
Product : Fedora 15
Version : 3.0.5
Release : 5.fc15
URL : http://www.rubyonrails.org
Summary : Web-flow and rendering framework putting the VC in MVC
Description :
Eases web-request routing, handling, and response as a half-way front,
half-way page controller. Implemented with specific emphasis on enabling easy
unit/integration testing that doesn't require a browser.

-------------------------------------------------------------------------------
-
Update Information:

A cross-site scripting (XSS) flaw was found in the way the 'translate'
helper method of the Ruby on Rails performed HTML escaping of interpolated user input, when interpolation in combination with HTML-safe translations were used. This release fixes the bug.
-------------------------------------------------------------------------------
-
ChangeLog:

* Tue Jan 17 2012 Bohuslav Kabrda <bkabrda@redhat.com> - 1:3.0.5-5
- Security fix for XSS flaw, RHBZ #755007 (CVE-2011-4319)
- Patch for tests failing with Ruby-1.8.7.p357.
* Mon Aug 22 2011 Mo Morsi <mmorsi@redhat.com> - 1:3.0.5-4
- Include fixes for BZ#731432 and BZ#731436
* Thu Jun 16 2011 Mo Morsi <mmorsi@redhat.com> - 1:3.0.5-3
- Include fix for CVE-2011-2197
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #755007 - rubygem-actionpack: XSS in the 'translate' helper
method [fedora-15]
https://bugzilla.redhat.com/show_bug.cgi?id=755007
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program. Use
su -c 'yum update rubygem-actionpack' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Pro-Linux
Gewinnspiel
Neue Nachrichten
Werbung