--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-0643
2012-01-17 20:07:24
--------------------------------------------------------------------------------
Name : rubygem-actionpack
Product : Fedora 16
Version : 3.0.10
Release : 2.fc16
URL : http://www.rubyonrails.org
Summary : Web-flow and rendering framework putting the VC in MVC
Description :
Eases web-request routing, handling, and response as a half-way front,
half-way page controller. Implemented with specific emphasis on enabling easy
unit/integration testing that doesn't require a browser.
--------------------------------------------------------------------------------
Update Information:
A cross-site scripting (XSS) flaw was found in the way the 'translate' helper
method of the Ruby on Rails performed HTML escaping of interpolated user input,
when interpolation in combination with HTML-safe translations were used. This
release fixes the bug.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 17 2012 Bohuslav Kabrda <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1:3.0.10-2
- Security fix for XSS flaw, RHBZ #755006 (CVE-2011-4319)
- Patch for tests failing with Ruby-1.8.7.p357.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #755006 - rubygem-actionpack: XSS in the 'translate' helper method
[fedora-16]
https://bugzilla.redhat.com/show_bug.cgi?id=755006
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update rubygem-actionpack' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-0626
2012-01-17 20:06:21
--------------------------------------------------------------------------------
Name : rubygem-actionpack
Product : Fedora 15
Version : 3.0.5
Release : 5.fc15
URL : http://www.rubyonrails.org
Summary : Web-flow and rendering framework putting the VC in MVC
Description :
Eases web-request routing, handling, and response as a half-way front,
half-way page controller. Implemented with specific emphasis on enabling easy
unit/integration testing that doesn't require a browser.
--------------------------------------------------------------------------------
Update Information:
A cross-site scripting (XSS) flaw was found in the way the 'translate' helper
method of the Ruby on Rails performed HTML escaping of interpolated user input,
when interpolation in combination with HTML-safe translations were used. This
release fixes the bug.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 17 2012 Bohuslav Kabrda <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1:3.0.5-5
- Security fix for XSS flaw, RHBZ #755007 (CVE-2011-4319)
- Patch for tests failing with Ruby-1.8.7.p357.
* Mon Aug 22 2011 Mo Morsi <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1:3.0.5-4
- Include fixes for BZ#731432 and BZ#731436
* Thu Jun 16 2011 Mo Morsi <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1:3.0.5-3
- Include fix for CVE-2011-2197
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #755007 - rubygem-actionpack: XSS in the 'translate' helper method
[fedora-15]
https://bugzilla.redhat.com/show_bug.cgi?id=755007
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update rubygem-actionpack' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Posljednje sigurnosne preporuke