Fedora 10: rubygem-actionpack Security Update
Summary
Eases web-request routing, handling, and response as a half-way front,
half-way page controller. Implemented with specific emphasis on enabling easy
unit/integration testing that doesn't require a browser.
Update Information:
Two security issues were found in the actionpack shipped in Fedora 10. One is a weakness in the strip_tags function in Ruby on Rails (bug 542786, CVE-2009-4214). The other is a possibility to circumvent protection against cross-site request forgery (CSRF) attacks (bug 544329). This new rpm fixes these issues.
Change Log
* Mon Dec 7 2009 Mamoru Tasaka
References
[ 1 ] Bug #542786 - rubygem-actionpack: XSS weakness in strip_tags
      https://bugzilla.redhat.com/show_bug.cgi?id=542786
[ 2 ] Bug #544329 - rubygem-actionpack: Potential CSRF protection circumvention
      https://bugzilla.redhat.com/show_bug.cgi?id=544329
Update Instructions
This update can be installed with the "yum" update program. Use su -c 'yum update rubygem-actionpack' at the command line. For more information, refer to "Managing Software with yum", available at .