
[SECURITY] [DLA 2149-1] rails security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : rails
Version        : 2:4.1.8-1+deb8u6
CVE ID         : CVE-2020-5267
Debian Bug     : 954304


In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a
possible XSS vulnerability in ActionView's JavaScript literal
escape helpers.
Views that use the `j` or `escape_javascript` methods may be
susceptible to XSS attacks.

For Debian 8 "Jessie", this problem has been fixed in version
2:4.1.8-1+deb8u6.

We recommend that you upgrade your rails packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Best,
Utkarsh
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
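
An added illustration, not part of the advisory and not the Rails source: a simplified Ruby model of a JavaScript-literal escape helper, showing which string-breaking characters survive escaping when the helper's output is placed inside a JavaScript template literal. It assumes the upstream fix for CVE-2020-5267, which added escaping for the backtick and `$`; the names `PRE_FIX_MAP`, `POST_FIX_MAP`, `escape_with`, `unescaped_breakouts` and the sample string are constructed for this example.

```ruby
# Simplified model of a JavaScript-literal escape helper (not the Rails source).
# PRE_FIX_MAP handles quotes, backslashes, newlines and "</" only.
PRE_FIX_MAP = {
  "\\"   => "\\\\",
  "</"   => "<\\/",
  "\r\n" => "\\n",
  "\n"   => "\\n",
  "\r"   => "\\n",
  '"'    => '\\"',
  "'"    => "\\'"
}.freeze

# Assumption: mirrors the upstream fix, which also escapes the
# template-literal metacharacters ` and $.
POST_FIX_MAP = PRE_FIX_MAP.merge("`" => "\\`", "$" => "\\$").freeze

# Longest keys first so "\r\n" and "</" win over their one-character prefixes.
def escape_with(map, text)
  pattern = Regexp.union(map.keys.sort_by { |k| -k.length })
  text.to_s.gsub(pattern, map)
end

# Characters that can terminate or interpolate inside '...', "..." or `...`
# and are still live, i.e. preceded by an even number of backslashes.
def unescaped_breakouts(escaped)
  escaped.scan(/(?<!\\)(?:\\\\)*([`$'"])/).flatten.uniq
end

# Constructed sample input: a quote, two backticks and a ${...} placeholder.
SAMPLE = %q[it's `${1 + 1}` done]

{ "pre-fix" => PRE_FIX_MAP, "post-fix" => POST_FIX_MAP }.each do |label, map|
  out = escape_with(map, SAMPLE)
  puts "#{label}: #{out}  still live: #{unescaped_breakouts(out).inspect}"
end
```

Views that interpolate helper output into single- or double-quoted JavaScript strings are covered by both maps; only the template-literal context differs, which is where to look when auditing views on an unpatched system.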

