Overview

File _patchinfo of Package patchinfo.10712

<patchinfo incident="10712">
  <issue tracker="bnc" id="1129272">VUL-0: CVE-2019-5418: rubygem-actionpack-4_2,rubygem-actionpack-5_1: possible file content disclosure</issue>
  <issue tracker="bnc" id="1129271">VUL-0: CVE-2019-5419: rubygem-actionpack-4_2,rubygem-actionpack-5_1: potential denial of service vulnerability</issue>
  <issue tracker="cve" id="2019-5418"/>
  <issue tracker="cve" id="2019-5419"/>
  <category>security</category>
  <rating>moderate</rating>
  <packager>krauselukas</packager>
  <description>This update for rubygem-actionpack-5_1 fixes the following issues:

Security issues fixed: 

- CVE-2019-5418: Fixed a file content disclosure vulnerability in Action View which
  could be exploited via specially crafted accept headers in combination with calls
  to render file (bsc#1129272).
- CVE-2019-5419: Fixed a resource exhaustion issue in Action View which could make
  the server unable to process requests (bsc#1129271).
</description>
  <summary>Security update for rubygem-actionpack-5_1</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places