Updated ruby-sprockets packages fix CVE-2014-7819
Publication date: 19 Feb 2015Modification date: 19 Feb 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-7819
Description
Updated ruby-sprockets packages fix security vulnerabilities: Multiple directory traversal vulnerabilities in server.rb in Sprockets 2.12.x before 2.12.3, allow remote attackers to determine the existence of files outside the application root via a ../ (dot dot slash) sequence with double slashes or URL encoding (CVE-2014-7819).
References
SRPMS
4/core
- ruby-sprockets-2.10.0-4.1.mga4