security update for rubygem-actionpack-2_3, rubygem-activesupport-2_3
- added 3-0-escape_html-activesupport.patch: (bnc#775653)
Also encode single quote (CVE-2012-3464)
- added 3-0-strip_tags.patch: (bnc#775649)
Do not mark strip_tags result as html_safe (CVE-2012-3465)
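The two fixes above share one principle: text that has been stripped of tags is still untrusted, and escaping it must cover the single quote. The following Ruby is an added illustration, not code from the patched gems, the Rails project or the submitter. It assumes a toy regex tag stripper (the real helper uses an HTML tokenizer) and uses `&#39;` as the single-quote entity, a choice made here rather than taken from the patch.

```ruby
# Added example: escape_html that also encodes the single quote, and a
# strip_tags wrapper whose result is escaped instead of being trusted.

# Characters that must never reach HTML output unencoded. The single quote
# matters for CVE-2012-3464: an attribute written as title='...' is ended by
# it, so an unencoded "'" in user text can close the attribute early.
HTML_ESCAPE = {
  "&" => "&amp;",
  "<" => "&lt;",
  ">" => "&gt;",
  '"' => "&quot;",
  "'" => "&#39;" # entity chosen for this example; any numeric entity works
}.freeze

# Escape every HTML metacharacter in the table above.
def html_escape(text)
  text.to_s.gsub(/[&<>"']/) { |c| HTML_ESCAPE[c] }
end

# Deliberately simple tag stripper (assumption: regex, not a tokenizer).
# Malformed markup, such as an unterminated tag, leaves a bare "<" and
# quotes behind, which is why the result must not be marked html_safe.
def strip_tags(html)
  html.to_s.gsub(/<[^>]*>/, "")
end

# Safe composition for CVE-2012-3465's lesson: strip first, then escape
# whatever survived, so residue from malformed HTML is rendered as text.
def strip_tags_for_output(html)
  html_escape(strip_tags(html))
end

if __FILE__ == $0
  puts html_escape("it's <b>\"bold\"</b>")
  # Constructed malformed input: the second tag is never closed with ">".
  puts strip_tags_for_output("<b>unterminated <i attr=\"x\" text")
end
```

Run with `ruby` on the file: the first line shows the quote encoded alongside the other metacharacters, the second shows that the unterminated `<i ...` fragment survives stripping and is only neutralised by the escape step.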
Submitted by
Marcus Rueckert (darix)
Fixed bugs
bnc#775649
CVE-2012-3465: rubygem-rails: strip_tags helper incorrectly handles malformed HTML resulting in XSS flaw
bnc#775653
CVE-2012-3464: rubygem-rails: XSS flaws when validating single quote characters