oss-sec mailing list archives
Re: Re: [CVE-2013-4491] Reflective XSS Vulnerability in Ruby on Rails
From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 03 Dec 2013 14:54:05 -0700
On 12/03/2013 02:32 PM, kpolitowicz () nimonik ca wrote:
> Thanks. But what's the deal with I18n.enforce_available_locales?

That's a good question, the technical side of which I would point you at:

http://rubygems.org/gems/i18n

The latest release fixes security stuff, however they don't do CVE announcements/ChangeLog anywhere I can see. Adding them to this email CC. Guys, if you need help drafting a security announcement I'd be glad to help.

--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Current thread:
- [CVE-2013-4491] Reflective XSS Vulnerability in Ruby on Rails Aaron Patterson (Dec 03)
- Re: [CVE-2013-4491] Reflective XSS Vulnerability in Ruby on Rails kpolitowicz (Dec 03)
- Re: Re: [CVE-2013-4491] Reflective XSS Vulnerability in Ruby on Rails Kurt Seifried (Dec 03)
- Re: Re: [CVE-2013-4491] Reflective XSS Vulnerability in Ruby on Rails Christopher Dell (Dec 05)
- Re: Re: [CVE-2013-4491] Reflective XSS Vulnerability in Ruby on Rails Kurt Seifried (Dec 05)
- Re: Re: [CVE-2013-4491] Reflective XSS Vulnerability in Ruby on Rails Kurt Seifried (Dec 03)
- Re: [CVE-2013-4491] Reflective XSS Vulnerability in Ruby on Rails kpolitowicz (Dec 03)
- Re: [CVE-2013-4491] Reflective XSS Vulnerability in Ruby on Rails chris (Dec 05)
- Re: [CVE-2013-4491] Reflective XSS Vulnerability in Ruby on Rails nick (Dec 22)
- Re: [CVE-2013-4491] Reflective XSS Vulnerability in Ruby on Rails Solar Designer (Dec 22)