[SECURITY] Fedora 15 Update: rubygem-actionpack-3.0.5-5.fc15

updates at fedoraproject.org updates at fedoraproject.org
Wed Jan 25 22:34:43 UTC 2012 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-0626
2012-01-17 20:06:21
--------------------------------------------------------------------------------

Name        : rubygem-actionpack
Product     : Fedora 15
Version     : 3.0.5
Release     : 5.fc15
URL         : http://www.rubyonrails.org
Summary     : Web-flow and rendering framework putting the VC in MVC
Description :
Eases web-request routing, handling, and response as a half-way front,
half-way page controller. Implemented with specific emphasis on enabling easy
unit/integration testing that doesn't require a browser.

--------------------------------------------------------------------------------
Update Information:

A cross-site scripting (XSS) flaw was found in the way the 'translate' helper method of the Ruby on Rails performed HTML escaping of interpolated user input, when interpolation in combination with HTML-safe translations were used. This release fixes the bug.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 17 2012 Bohuslav Kabrda <bkabrda at redhat.com> - 1:3.0.5-5
- Security fix for XSS flaw, RHBZ #755007 (CVE-2011-4319)
- Patch for tests failing with Ruby-1.8.7.p357.
* Mon Aug 22 2011 Mo Morsi <mmorsi at redhat.com> - 1:3.0.5-4
- Include fixes for BZ#731432 and BZ#731436
* Thu Jun 16 2011 Mo Morsi <mmorsi at redhat.com> - 1:3.0.5-3
- Include fix for CVE-2011-2197
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #755007 - rubygem-actionpack: XSS in the 'translate' helper method [fedora-15]
        https://bugzilla.redhat.com/show_bug.cgi?id=755007
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update rubygem-actionpack' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the package-announce mailing list