[SECURITY] [DSA 5389-1] rails security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- -------------------------------------------------------------------------
Debian Security Advisory DSA-5389-1 security@debian.org
https://www.debian.org/security/ Aron Xu
April 14, 2023 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : rails
CVE ID : CVE-2023-23913 CVE-2023-28120
Debian Bug : 1033262 1033263
Brief introduction
Two vulnerabilities were discovered in rails, the Ruby based server-side
MVC web application framework, which could lead to XSS and DOM based
cross-site scripting (CRS).
This update also fixes a regression introduced in previous update that
may block certain access for apps using development environment.
For the stable distribution (bullseye), these problems have been fixed in
version 2:6.0.3.7+dfsg-2+deb11u2.
We recommend that you upgrade your rails packages.
For the detailed security status of rails please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/rails
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCAAdFiEEhhz+aYQl/Bp4OTA7O1LKKgqv2VQFAmQ5gEQACgkQO1LKKgqv
2VT/iwgAvAA/wob57s9L6OseUHQL9E83qcGgmyukO5rPg0v+DSJXNWZP76ntGemf
HQPeD73OqjBymt9JBSkI7ZGqDA8VvqR/5TvXF4IUlVyQ7CQ7DEHcJJVDcMH4MVIK
zgl6mGk3eeqZf1e2TmV5+NUkLcOEi8JPlcnA8umue6GiGMOVpee6h57omEJjLrbI
WuZc5z4+OEX1PVCgEVVbfsgxY8R43Eu6+3RPciYHkuo/spY6sdqFGWojvVEM25qZ
49Nae4JcUFmK1VWprzZstrlSCaXVmiBQ/grUtHXyMd5jGSHVh7XFdl98ggKasUiU
SS3cOqNJS9WzFK6oLORMXfI4iIklNQ==
=FKaG
-----END PGP SIGNATURE-----
Reply to: