
[scl.org] sclo-ror42: Ruby on Rails 4.2 security updates in testing



Security updates for the sclo-ror42 software collection, which provides
Ruby on Rails 4.2, are now available in the CentOS SCLo SIG testing
repository.

To apply the updates:
yum upgrade --enablerepo=centos-sclo-sclo-testing --nogpgcheck sclo-ror42\*

These fix:
a) CVE-2016-6316: Possible XSS Vulnerability in Action View
https://groups.google.com/forum/#!topic/ruby-security-ann/8B2iV2tPRSE
b) CVE-2016-6317: Unsafe Query Generation Risk in Active Record
https://groups.google.com/forum/#!topic/ruby-security-ann/WccgKSKiPZA

The packages updated are (both el6/7):
sclo-ror42-rubygem-actionpack-4.2.5.1-2.el7
sclo-ror42-rubygem-activerecord-4.2.5.1-3.el7
sclo-ror42-rubygem-actionview-4.2.5.1-3.el7

I'll push them to stable in a week or so's time, but would appreciate
any feedback.

-- 
Dominic Cleal
dominic cleal org
