Fedora alert FEDORA-2011-2133 (rubygem-actionpack)
| From: | updates@fedoraproject.org | |
| To: | package-announce@lists.fedoraproject.org | |
| Subject: | [SECURITY] Fedora 14 Update: rubygem-actionpack-2.3.8-3.fc14 | |
| Date: | Sat, 05 Mar 2011 02:39:03 +0000 | |
| Message-ID: | <20110305023903.233CD110508@bastion02.phx2.fedoraproject.org> | |
| Archive‑link: | Article |
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2011-2133 2011-02-24 20:24:59 -------------------------------------------------------------------------------- Name : rubygem-actionpack Product : Fedora 14 Version : 2.3.8 Release : 3.fc14 URL : http://www.rubyonrails.org Summary : Web-flow and rendering framework putting the VC in MVC Description : Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser. -------------------------------------------------------------------------------- Update Information: Security fixes (CVE-2011-0446, CVE-2011-0447). -------------------------------------------------------------------------------- ChangeLog: * Thu Feb 24 2011 Vít Ondruch <vondruch@redhat.com> - 1:2.3.8-3 - Fixed CVE-2011-0446 - Fixed CVE-2011-0447 -------------------------------------------------------------------------------- References: [ 1 ] Bug #677626 - CVE-2011-0446 rubygem-actionpack: Multiple XSS flaws via crafted name or email value in the mail_to_helper https://bugzilla.redhat.com/show_bug.cgi?id=677626 [ 2 ] Bug #677631 - CVE-2011-0447 rubygem-actionpack: CSRF flaws due improper validation of HTTP headers containing X-Requested-With header https://bugzilla.redhat.com/show_bug.cgi?id=677631 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update rubygem-actionpack' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-...