Advisories » MGASA-2014-0017

Updated ruby-i18n package fixes security vulnerability

Publication date: 21 Jan 2014
Modification date: 21 Jan 2014
Type: security
Affected Mageia releases : 3
CVE: CVE-2013-4492

Description

Cross-site scripting (XSS) vulnerability in exceptions.rb in the i18n gem
before 0.6.6 for Ruby allows remote attackers to inject arbitrary web
script or HTML via a crafted I18n::MissingTranslationData.new call
(CVE-2013-4492).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=12095
• http://lists.opensuse.org/opensuse-updates/2013-12/msg00093.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4492

SRPMS

3/core

• ruby-i18n-0.6.1-3.1.mga3