diff options
| author | taca <taca@pkgsrc.org> | 2012-08-12 09:46:45 +0000 |
|---|---|---|
| committer | taca <taca@pkgsrc.org> | 2012-08-12 09:46:45 +0000 |
| commit | f3c171aa8623f04e00a341012551f68b0685bf7d (patch) | |
| tree | 4401c7ec1e8768cf1f76854c56083de5006099f9 /www | |
| parent | 463b646ddf319afa32a4720b50c624160206312f (diff) | |
| download | pkgsrc-f3c171aa8623f04e00a341012551f68b0685bf7d.tar.gz | |
Update ruby-actionpack3 to 3.0.17
## Rails 3.0.17 (Aug 9, 2012)
* There is an XSS vulnerability in the strip_tags helper in Ruby on Rails, the
helper doesn't correctly handle malformed html. As a result an attacker can
execute arbitrary javascript through the use of specially crafted malformed
html.
*Marek from Nethemba (www.nethemba.com) & Santiago Pastorino*
* When a "prompt" value is supplied to the `select_tag` helper, the "prompt"
value is not escaped. If untrusted data is not escaped, and is supplied as
the prompt value, there is a potential for XSS attacks.
Vulnerable code will look something like this:
select_tag("name", options, :prompt => UNTRUSTED_INPUT)
*Santiago Pastorino*
Diffstat (limited to 'www')
| -rw-r--r-- | www/ruby-actionpack3/distinfo | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/www/ruby-actionpack3/distinfo b/www/ruby-actionpack3/distinfo index 120c85bac85..27645533848 100644 --- a/www/ruby-actionpack3/distinfo +++ b/www/ruby-actionpack3/distinfo @@ -1,5 +1,5 @@ -$NetBSD: distinfo,v 1.15 2012/07/31 12:24:29 taca Exp $ +$NetBSD: distinfo,v 1.16 2012/08/12 09:46:45 taca Exp $ -SHA1 (actionpack-3.0.16.gem) = e07eb21b957a1d3fc08c8dd49c709cebe5274625 -RMD160 (actionpack-3.0.16.gem) = 9bcb8da14d62e84dfc8a181872634f1c5f2a3eec -Size (actionpack-3.0.16.gem) = 355328 bytes +SHA1 (actionpack-3.0.17.gem) = d376046160772c1ef74804ed24173c998482b7b7 +RMD160 (actionpack-3.0.17.gem) = 498c240a97f86c3f6f4a7d336a5d16952d513aba +Size (actionpack-3.0.17.gem) = 355840 bytes |