[Bug 1030984] Re: CVE-2012-1099: Cross-site scripting (XSS) vulnerability

This bug was fixed in the package ruby-actionpack-2.3 - 2.3.14-2ubuntu0.11.10.1 --- ruby-actionpack-2.3 (2.3.14-2ubuntu0.11.10.1) oneiric-security; urgency=low * SECURITY UPDATE: Cross-site scripting vulnerability (LP: #1030984) - debian/patches/CVE-2012-1099.patch: patch from D

[Bug 1030984] Re: CVE-2012-1099: Cross-site scripting (XSS) vulnerability

This bug was fixed in the package ruby-actionpack-2.3 - 2.3.14-2ubuntu0.12.04.1 --- ruby-actionpack-2.3 (2.3.14-2ubuntu0.12.04.1) precise-security; urgency=low * SECURITY UPDATE: Cross-site scripting vulnerability (LP: #1030984) - debian/patches/CVE-2012-1099.patch: patch from D

[Bug 1030984] Re: CVE-2012-1099: Cross-site scripting (XSS) vulnerability

Thanks, Felix! The debdiff's look good. I added Description and Origin patch tags, but that's obviously minor. I'll get these built and released soon. ** Changed in: ruby-actionpack-2.3 (Ubuntu Oneiric) Status: New => Confirmed ** Changed in: ruby-actionpack-2.3 (Ubuntu Precise) St

[Bug 1030984] Re: CVE-2012-1099: Cross-site scripting (XSS) vulnerability

** Patch added: "oneiric-security debdiff" https://bugs.launchpad.net/ubuntu/+source/ruby-actionpack-2.3/+bug/1030984/+attachment/3242751/+files/ruby-actionpack-2.3_2.3.14-2ubuntu0.11.10.1.debdiff ** Changed in: ruby-actionpack-2.3 (Ubuntu) Status: New => Incomplete ** Changed in: ruby

[Bug 1030984] Re: CVE-2012-1099: Cross-site scripting (XSS) vulnerability

I'm attaching debdiffs for oneiric and precise. I think the code lives in the rails package in natty and earlier releases. ** Patch added: "precise-security debdiff" https://bugs.launchpad.net/ubuntu/+source/ruby-actionpack-2.3/+bug/1030984/+attachment/3242750/+files/ruby-actionpack-2.3_2.3.1