[SECURITY] [DLA 2149-1] rails security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2149-1] rails security update
From: Utkarsh Gupta <utkarsh@debian.org>
Date: Fri, 20 Mar 2020 05:40:53 +0530
Message-id: <[🔎] 64341b37-b9fa-b967-2ef2-f245c83d48bd@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : rails
Version        : 2:4.1.8-1+deb8u6
CVE ID         : CVE-2020-5267
Debian Bug     : 954304


In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a
possible XSS vulnerability in ActionView's JavaScript literal
escape helpers.
Views that use the `j` or `escape_javascript` methods may be
susceptible to XSS attacks.

For Debian 8 "Jessie", this problem has been fixed in version
2:4.1.8-1+deb8u6.

We recommend that you upgrade your rails packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Best,
Utkarsh
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAl50CgkACgkQgj6WdgbD
S5b4ag/+NAhjnmt91oQpApL8ke7S5GHhSHDzO0oV0gmpcSO977SbuQMS8hclgVGa
y91os0W9smGq9A0Z5N7YD5RXTlykGTPjRkdP3U0UBopBfNgRgteKU0qtn7CVGKi7
qLlNWu+iykeyvRwYgi0j/mwJmrcaOAG2Clj2TycEXp6/b4r9Y41sMM1Ml00KRwrv
D67ppuIZYMWHDX/qHIxLCxEBcCCIQPaz4Mkz93skNy4fEY6QsIETVG7jvSqLe4vy
b6jY4aL45r/0vIo9A1LekkHJDvFMDEDX8qMPhzT5X2kfJcLItmIbdfIlhyJVUbHd
BeHfy84dqs9byGNgaf2krSXOrfwnl+3UNEntFH19aMTyv11actUC84unPcW9eEYn
AeRPEErik90Neh4SOP782orqF5Mwlh84CPGpzgCZkC3spcnR87dO7Rmj3+HFXGJY
wxROS8bVhUXY4RxIP8kp4hGrDthcb2+9WR7ycKNexqR/lS0ejpM7vp7PodMwb3xY
rjri8ZtRXDykwxVpsFa8dI4kjpinQ/aI0E+fJ9olLty7htC3J8fnywcwjuZs+iw9
VilGK18W6mqTXXZZ3t/8k4j7safHwHKuYOVtn0tb28QNcxFjWApyI37LhCoF0iQx
s/B7hxhbgDukiMTEjEFWoy9ojTZFK2EuL4dn6EsRD/b5SkE5DuA=
=g92i
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2145-2] twisted security update
Next by Date: [SECURITY] [DLA 2150-1] thunderbird security update
Previous by thread: [SECURITY] [DLA 2145-2] twisted security update
Next by thread: [SECURITY] [DLA 2150-1] thunderbird security update
Index(es):
- Date
- Thread