Overview

File _patchinfo of Package patchinfo.14031

<patchinfo incident="14031">
  <issue tracker="cve" id="2019-16782"/>
  <issue tracker="cve" id="2018-16471"/>
  <issue tracker="bnc" id="1114828">VUL-0: CVE-2018-16471: rubygem-rack: Cross-site scripting via 'scheme' method on 'Rack:Request'</issue>
  <issue tracker="bnc" id="1116600">VUL-1: CVE-2018-16471: rubygem-rack: XSS vulnerability in Rack</issue>
  <issue tracker="bnc" id="1159548">VUL-0: CVE-2019-16782: rubygem-rack-1_4,rubygem-rack: Possible Information Leak / Session Hijack Vulnerability in Rack</issue>
  <packager>jzerebecki</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for rubygem-rack</summary>
  <description>This update for rubygem-rack to version 2.0.8 fixes the following issues:

- CVE-2018-16471: Fixed a cross-site scripting (XSS) flaw via the scheme method on Rack::Request (bsc#1116600).
- CVE-2019-16782: Fixed a possible information leak and session hijack vulnerability (bsc#1159548).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places