Florian Weimer wrote:

> Package: rails
> Version: 1.2.3-2
> Severity: grave
> Tags: security upstream
>
> An XSS vulnerability in code that uses to_json has been disclosed:
> <http://dev.rubyonrails.org/ticket/8371>
>
> Please mention the name CVE-2007-3227 in the changelog when fixing
> this bug. Do you think that an upgrade for the stable distribution is
> necessary?

I will take a look at it this weekend. Stable may need to be updated as
well.
Since this is an XSS problem, I don't think it needs a grave severity.
But then some will argue otherwise. Also, nothing on the "Ruby on Rails
security announcement list"... hmmmm....
- Adam
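The thread names the bug but does not show what an XSS through to_json looks like or how it is mitigated. The following is an added illustration, written for this page and not taken from the Rails ticket or the Rails fix: JSON is only "safe" on its own; once a JSON string is inlined into an HTML page (typically inside a script element), any `<`, `>` or `&` left unescaped can close the script context. Escaping those three characters with JSON's own `\uXXXX` form keeps the output valid JSON while removing the breakout. The helper names and the sample payload are constructed for this example.

```ruby
require 'json'

# Characters that are legal inside a JSON string but become HTML syntax
# when the JSON is inlined into a page. Mapping them to JSON \u escapes
# keeps the document valid JSON and identical after parsing.
HTML_UNSAFE = {
  '<' => '\u003c',
  '>' => '\u003e',
  '&' => '\u0026',
}.freeze

# Encode obj as JSON, then escape the HTML-significant characters.
# gsub with a block inserts the replacement literally (no backrefs).
def html_safe_json(obj)
  JSON.generate(obj).gsub(/[<>&]/) { |c| HTML_UNSAFE[c] }
end

# Detection check: does this JSON text contain the sequence that ends
# a <script> element if the text is embedded there verbatim?
def breaks_out_of_script?(json_text)
  json_text.downcase.include?('</script')
end

if __FILE__ == $0
  # Constructed sample: a user-controlled field containing a closing script tag.
  record = { 'name' => '</script><b>not json any more</b>' }

  naive = JSON.generate(record)        # what an unescaped encoder emits
  safe  = html_safe_json(record)       # same data, HTML-safe encoding

  puts "naive: #{naive}"
  puts "  breaks out of <script>: #{breaks_out_of_script?(naive)}"
  puts "safe:  #{safe}"
  puts "  breaks out of <script>: #{breaks_out_of_script?(safe)}"
  puts "  round-trips to the same value: #{JSON.parse(safe) == record}"
end
```

The round-trip check at the end is the property worth keeping in a regression test: the escaped form must parse back to exactly the original data, otherwise the mitigation has silently changed application behaviour.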