oss-sec mailing list archives

Re: Re: [CVE-2013-4491] Reflective XSS Vulnerability in Ruby on Rails


From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 03 Dec 2013 14:54:05 -0700

On 12/03/2013 02:32 PM, kpolitowicz () nimonik ca wrote:
> Thanks. But what's the deal with I18n.enforce_available_locales ?


That's a good question, the technical side of which I would point you at:

http://rubygems.org/gems/i18n

The latest release fixes security stuff, however they don't do CVE
announcements/ChangeLog anywhere I can see. Adding them to this email
CC. Guys, if you need help drafting security announcements I'd be
glad to help.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993