Overview

File CVE-2019-5418_and_CVE-2019-5419.patch of Package rubygem-actionpack-5_1.10712

diff --git actionpack/lib/action_dispatch/http/mime_negotiation.rb b/actionpack/lib/action_dispatch/http/mime_negotiation.rb
index c4fe3a5c09..9a93a454bc 100644
--- actionpack/lib/action_dispatch/http/mime_negotiation.rb
+++ actionpack/lib/action_dispatch/http/mime_negotiation.rb
@@ -76,6 +76,11 @@ def formats
           else
             [Mime[:html]]
           end
+
+          v = v.select do |format|
+            format.symbol || format.ref == "*/*"
+          end
+
           set_header k, v
         end
       end
openSUSE Build Service is sponsored by
Places