[Bug 1035543] [NEW] Sync ruby-actionpack-3.2 3.2.6-4 (universe) from Debian unstable (main)
Launchpad Bug Tracker
1035543 at bugs.launchpad.net
Sat Aug 11 04:51:29 UTC 2012
You have been subscribed to a public bug by Logan Rosen (logan):
Please sync ruby-actionpack-3.2 3.2.6-4 (universe) from Debian unstable
(main)
Changelog entries since current quantal version 3.2.6-3:
ruby-actionpack-3.2 (3.2.6-4) unstable; urgency=high
* Add patches for security problems (Closes: #684454):
+ CVE-2012-3463 - Ruby on Rails Potential XSS Vulnerability in select_tag
prompt
+ CVE-2012-3465 - XSS Vulnerability in strip_tags
+ Both patches were edited from their original versions in two ways:
- the leading a/ and b/ from the filenames were stripped
- changes over test files were removed, since the Debian package
contains no test files.
-- Antonio Terceiro <terceiro at debian.org> Fri, 10 Aug 2012 13:08:08
-0300
** Affects: ruby-actionpack-3.2 (Ubuntu)
Importance: Undecided
Status: New
--
Sync ruby-actionpack-3.2 3.2.6-4 (universe) from Debian unstable (main)
https://bugs.launchpad.net/bugs/1035543
You received this bug notification because you are a member of Ubuntu Sponsors Team, which is subscribed to the bug report.
More information about the Ubuntu-sponsors
mailing list