FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-29 07:54:42 UTC

These are the vulnerabilities relating to the commit you have selected:

VuXML ID    Description
5a016dd0-8aa8-490e-a596-55f4cc17e4ef    rails -- multiple vulnerabilities

Ruby on Rails blog:

Rails 4.2.5.2, 4.1.14.2, and 3.2.22.2 have been released! These contain the following important security fixes, and it is recommended that users upgrade as soon as possible.


Discovery 2016-02-29
Entry 2016-03-06
rubygem-actionpack < 3.2.22.2
rubygem-actionpack4 < 4.2.5.2
rubygem-actionview < 4.2.5.2
rubygem-rails < 3.2.22.2
rubygem-rails4 < 4.2.5.2

CVE-2016-2097
CVE-2016-2098
https://groups.google.com/d/msg/rubyonrails-security/ddY6HgqB2z4/we0RasMZIAAJ
https://groups.google.com/d/msg/rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ
http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/

43f1c867-654a-11e6-8286-00248c0c745d    Rails 4 -- Possible XSS Vulnerability in Action View

Ruby Security team reports:

There is a possible XSS vulnerability in Action View. Text declared as "HTML safe" will not have quotes escaped when used as attribute values in tag helpers. This vulnerability has been assigned the CVE identifier CVE-2016-6316.


Discovery 2016-08-11
Entry 2016-08-18
rubygem-actionview > 3.0.0, < 4.2.7.1

https://groups.google.com/forum/#!topic/ruby-security-ann/8B2iV2tPRSE
CVE-2016-6316