Advisories ยป MGASA-2014-0017

Updated ruby-i18n package fixes security vulnerability

Publication date: 21 Jan 2014
Modification date: 21 Jan 2014
Type: security
Affected Mageia releases : 3
CVE: CVE-2013-4492

Description

Cross-site scripting (XSS) vulnerability in exceptions.rb in the i18n gem
before 0.6.6 for Ruby allows remote attackers to inject arbitrary web
script or HTML via a crafted I18n::MissingTranslationData.new call
(CVE-2013-4492).
                

References

SRPMS

3/core