Overview Details Repositories Revisions Requests Users Attributes Meta
update for rubygem-actionpack-3_2

This update fixes the following security issues with rubygem-actionpack-3_2:

- fix CVE-2013-4389: rubygem-actionmailer-3_1: possible DoS
vulnerability in the log subscriber component (bnc#846239)
File CVE-2013-4389.patch contains the fix.
- fix CVE-2013-4491: rubygem-actionpack: i18n missing translation
XSS (bnc#853625). File CVE-2013-4491.patch contains the patch
- fix CVE-2013-6414: rubygem-actionpack: Action View DoS
(bnc#853633). File CVE-2013-6414.patch contains the patch.
- fix CVE-2013-6415: rubygem-actionpack: number_to_currency XSS
(bnc#853632). File CVE-2013-6415.patch contains the patch.
- fix CVE-2013-6417: rubygem-actionpack: unsafe query generation
risk (incomplete fix for CVE-2013-0155) (bnc#853627). File
CVE-2013-6417.patch contains the patch.

Fixed bugs
bnc#846239
VUL-0: CVE-2013-4389: rubygem-actionmailer-3_1: possible DoS vulnerability in the log subscriber component
bnc#853632
VUL-0: CVE-2013-6415: rubygem-actionpack: number_to_currency XSS
bnc#853633
VUL-0: CVE-2013-6414: rubygem-actionpack: Action View DoS
bnc#853627
VUL-0: CVE-2013-6417: rubygem-actionpack: unsafe query generation risk (incomplete fix for CVE-2013-0155)
bnc#853625
VUL-0: CVE-2013-4491: rubygem-actionpack: i18n missing translation XSS
CVE-CVE-2013-4491
CVE-CVE-2013-6414
CVE-CVE-2013-6415
CVE-CVE-2013-6417
CVE-CVE-2013-4389
Selected Binaries
openSUSE Build Service is sponsored by
Places