Advisories » MGASA-2014-0054

Updated ruby-will_paginate package fixes CVE-2013-6459

Publication date: 11 Feb 2014
Modification date: 11 Feb 2014
Type: security
Affected Mageia releases : 3
CVE: CVE-2013-6459

Description

Updated ruby-will_paginate packages fix security vulnerability:
Cross-Site Scripting (XSS) vulnerabilities were found in
will_paginate gem for Ruby, where certain input related to
generated pagination links were not properly sanitised before being
returned. This could be exploited to execute arbitrary HTML and
script code in a user's browser session in context of an affected
site. (CVE-2013-6459).
                

References

• https://lists.fedoraproject.org/pipermail/package-announce/2014-January/126924.html
• http://seclists.org/oss-sec/2013/q4/550
• https://bugs.mageia.org/show_bug.cgi?id=12387
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6459

SRPMS

3/core

• ruby-will_paginate-3.0.3-3.1.mga3