DLA 2149-1: rails security update

Debian 10219 Published 2020-03-20 06:31 by Philipp Esselbach

News

A rails security update has been released for Debian GNU/Linux 8 LTS to address a possible XSS vulnerability in ActionView's JavaScript literal escape helpers.

Package : rails
Version : 2:4.1.8-1+deb8u6
CVE ID : CVE-2020-5267
Debian Bug : 954304

In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a
possible XSS vulnerability in ActionView's JavaScript literal
escape helpers.
Views that use the `j` or `escape_javascript` methods may be
susceptible to XSS attacks.

For Debian 8 "Jessie", this problem has been fixed in version
2:4.1.8-1+deb8u6.

We recommend that you upgrade your rails packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

GLSA 202003-42 : libgit2: Multiple vulnerabilities

USN-4308-1: Twisted vulnerabilities

Windows

Windows 11 499
Windows 11 Insider Preview Build 22635.4510 (Beta Channel) released
2024-11-16 06:23 by Philipp Esselbach
Microsoft 11799
Windows Package Manager v1.10.40 Preview released
2024-11-16 07:08 by Philipp Esselbach
Software 42752
Fort Firewall 3.14.12 released
2024-11-15 16:03 by Philipp Esselbach

Linux

KDE 1536
digiKam 8.5.0 released
2024-11-16 14:11 by Philipp Esselbach
Fedora Linux 8775
Fedora Linux 41-20241115 Updated ISOs released
2024-11-16 07:28 by Philipp Esselbach
Software 42752
VSCodium 1.95.3.24321 released
2024-11-16 07:20 by Philipp Esselbach

macOS

Apple 10244
visionOS 2.2 Beta 2 released
2024-11-13 06:32 by Philipp Esselbach
Apple 10244
iOS 18.2 Beta 3 released
2024-11-12 07:20 by Philipp Esselbach
Apple 10244
macOS Sequoia 15.2 beta 3 released
2024-11-12 07:17 by Philipp Esselbach

Community

dhamu
Hello Phil, I have a Linux Tutorial website that curre ...
StephanX
Hi friends, i am new in the Linux universe but i try to ...
Philipp
I would try the XanMod kernel: https://xanmod.org I ...