[SECURITY] [DLA 2149-1] rails security update
Package : rails
Version : 2:4.1.8-1+deb8u6
CVE ID : CVE-2020-5267
Debian Bug : 954304
In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a
possible XSS vulnerability in ActionView's JavaScript literal
escape helpers.
Views that use the `j` or `escape_javascript` methods may be
susceptible to XSS attacks.
For Debian 8 "Jessie", this problem has been fixed in version
2:4.1.8-1+deb8u6.
We recommend that you upgrade your rails packages.
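The advisory names the `j` and `escape_javascript` helpers. To list the views that call them for review, the Ruby script below (an added example, not part of the Debian advisory or of Rails) scans ERB tags for those calls. The sample templates and their paths are constructed for illustration, and the match is a regex heuristic that does not parse Ruby.

```ruby
# Added example: report every ERB tag that calls j / escape_javascript.
# SAMPLE_VIEWS is constructed input, not taken from a real application.

# Any <% %>, <%= %> or <%- -%> tag; <%# comment %> tags are skipped.
ERB_TAG = /<%(?!#)[=-]?(.*?)-?%>/m
# The helper as a standalone call: j(...), "j arg" or escape_javascript(...).
# Excludes json_escape, to_json, obj.j and assignments such as "j = 1".
HELPER_CALL = /(?<![\w.:@$])(?:escape_javascript|j)(?=\s*\(|[ \t]+[\w"'@:\[])/

Finding = Struct.new(:path, :line, :code)

# Returns one Finding per ERB tag in +source+ that calls either helper.
def scan_template(path, source)
  findings = []
  source.scan(ERB_TAG) do
    m = Regexp.last_match
    next unless m[1].match?(HELPER_CALL)
    line = source[0...m.begin(0)].count("\n") + 1
    findings << Finding.new(path, line, m[0].strip)
  end
  findings
end

# +views+ maps a template path to its source text.
def scan_views(views)
  views.flat_map { |path, source| scan_template(path, source) }
end

SAMPLE_VIEWS = {
  "app/views/comments/create.js.erb" => <<~'ERB',
    var html = "<%= j render(@comment) %>";
    $("#comments").append(html);
    $("#count").text("<%= @comments.size %>");
  ERB
  "app/views/users/show.html.erb" => <<~'ERB'
    <h1><%= @user.name %></h1>
    <%# j(@user.bio) is only mentioned in this comment %>
    <script>
      var bio = '<%= escape_javascript(@user.bio) %>';
      var data = <%= raw json_escape(@user.to_json) %>;
    </script>
  ERB
}

if __FILE__ == $PROGRAM_NAME
  scan_views(SAMPLE_VIEWS).each { |f| puts "#{f.path}:#{f.line}: #{f.code}" }
end
```

To run it over a real application, build the hash from `Dir.glob("app/views/**/*.erb")` and `File.read` instead of `SAMPLE_VIEWS`.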
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Best,
Utkarsh