• [SECURITY] [DSA 5389-1] rails security update

    From Aron Xu@21:1/5 to All on Fri Apr 14 18:50:02 2023
    Hash: SHA256

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-5389-1 security@debian.org https://www.debian.org/security/ Aron Xu
    April 14, 2023 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : rails
    CVE ID : CVE-2023-23913 CVE-2023-28120
    Debian Bug : 1033262 1033263

    Brief introduction

    Two vulnerabilities were discovered in rails, the Ruby based server-side
    MVC web application framework, which could lead to XSS and DOM based
    cross-site scripting (CRS).

    This update also fixes a regression introduced in previous update that
    may block certain access for apps using development environment.

    For the stable distribution (bullseye), these problems have been fixed in version 2:

    We recommend that you upgrade your rails packages.

    For the detailed security status of rails please refer to
    its security tracker page at:

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org

    iQEzBAEBCAAdFiEEhhz+aYQl/Bp4OTA7O1LKKgqv2VQFAmQ5gEQACgkQO1LKKgqv 2VT/iwgAvAA/wob57s9L6OseUHQL9E83qcGgmyukO5rPg0v+DSJXNWZP76ntGemf HQPeD73OqjBymt9JBSkI7ZGqDA8VvqR/5TvXF4IUlVyQ7CQ7DEHcJJVDcMH4MVIK zgl6mGk3eeqZf1e2TmV5+NUkLcOEi8JPlcnA8umue6GiGMOVpee6h57omEJjLrbI WuZc5z4+OEX1PVCgEVVbfsgxY8R43Eu6+3RPciYHkuo/spY6sdqFGWojvVEM25qZ 49Nae4JcUFmK1VWprzZstrlSCaXVmiBQ/grUtHXyMd5jGSHVh7XFdl98ggKasUiU SS3cOqNJS9WzFK6oLORMXfI4iIklNQ==
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)