pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/www/ruby-actionpack32 Update ruby-actionpack32 to 3.2.8.
details: https://anonhg.NetBSD.org/pkgsrc/rev/6b6d4f5c6c87
branches: trunk
changeset: 607478:6b6d4f5c6c87
user: taca <taca%pkgsrc.org@localhost>
date: Sun Aug 12 12:40:00 2012 +0000
description:
Update ruby-actionpack32 to 3.2.8.

## Rails 3.2.8 (Aug 9, 2012) ##

* There is an XSS vulnerability in the strip_tags helper in Ruby on Rails, the
  helper doesn't correctly handle malformed html. As a result an attacker can
  execute arbitrary javascript through the use of specially crafted malformed
  html.

  *Marek from Nethemba (www.nethemba.com) & Santiago Pastorino*

* When a "prompt" value is supplied to the `select_tag` helper, the "prompt"
  value is not escaped.
  If untrusted data is not escaped, and is supplied as the prompt value, there
  is a potential for XSS attacks.
  Vulnerable code will look something like this:

      select_tag("name", options, :prompt => UNTRUSTED_INPUT)

  *Santiago Pastorino*

diffstat:
www/ruby-actionpack32/distinfo | 8 ++++----
1 files changed, 4 insertions(+), 4 deletions(-)
diffs (13 lines):
diff -r c46ace8ee2f0 -r 6b6d4f5c6c87 www/ruby-actionpack32/distinfo
--- a/www/ruby-actionpack32/distinfo Sun Aug 12 12:38:41 2012 +0000
+++ b/www/ruby-actionpack32/distinfo Sun Aug 12 12:40:00 2012 +0000
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.5 2012/07/31 12:55:32 taca Exp $
+$NetBSD: distinfo,v 1.6 2012/08/12 12:40:00 taca Exp $
-SHA1 (actionpack-3.2.7.gem) = 8a9d298a5ba4a88fb3c412c31a99f356572c77fd
-RMD160 (actionpack-3.2.7.gem) = 93e2d53b8c5a64f6e7ef5a803c0605bbe1c8f9fc
-Size (actionpack-3.2.7.gem) = 379392 bytes
+SHA1 (actionpack-3.2.8.gem) = ccc63cc2fcb3131b92d45cf5834aa629857d7258
+RMD160 (actionpack-3.2.8.gem) = ec71996e73831ea346d8e060234a7f7a73881908
+Size (actionpack-3.2.8.gem) = 379392 bytes
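
Review bot: The added Size line for actionpack-3.2.8.gem reads 379392 bytes, exactly the value on the removed 3.2.7 line, while both the SHA1 and RMD160 digests change. Two releases with the same byte count is possible but unusual, so please confirm this distinfo was regenerated from the fetched 3.2.8 gem (for example with make makesum) rather than edited by hand. The diffstat also lists distinfo as the only file touched; a line in the commit message saying where the version bump to 3.2.8 is made would let someone auditing this security update see that it is complete.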