-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------- Debian Security Advisory DSA-5389-1 security@debian.org https://www.debian.org/security/ Aron Xu
April 14, 2023 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : rails
CVE ID : CVE-2023-23913 CVE-2023-28120
Debian Bug : 1033262 1033263

Brief introduction

Two vulnerabilities were discovered in rails, the Ruby based server-side
MVC web application framework, which could lead to XSS and DOM based
cross-site scripting (CRS).

This update also fixes a regression introduced in previous update that
may block certain access for apps using development environment.

For the stable distribution (bullseye), these problems have been fixed in version 2:6.0.3.7+dfsg-2+deb11u2.

We recommend that you upgrade your rails packages.

For the detailed security status of rails please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/rails

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEhhz+aYQl/Bp4OTA7O1LKKgqv2VQFAmQ5gEQACgkQO1LKKgqv 2VT/iwgAvAA/wob57s9L6OseUHQL9E83qcGgmyukO5rPg0v+DSJXNWZP76ntGemf HQPeD73OqjBymt9JBSkI7ZGqDA8VvqR/5TvXF4IUlVyQ7CQ7DEHcJJVDcMH4MVIK zgl6mGk3eeqZf1e2TmV5+NUkLcOEi8JPlcnA8umue6GiGMOVpee6h57omEJjLrbI WuZc5z4+OEX1PVCgEVVbfsgxY8R43Eu6+3RPciYHkuo/spY6sdqFGWojvVEM25qZ 49Nae4JcUFmK1VWprzZstrlSCaXVmiBQ/grUtHXyMd5jGSHVh7XFdl98ggKasUiU SS3cOqNJS9WzFK6oLORMXfI4iIklNQ==
=FKaG
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)