-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : rails Version : 2:4.1.8-1+deb8u6 CVE ID : CVE-2020-5267 Debian Bug : 954304
In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may be susceptible to XSS attacks. For Debian 8 "Jessie", this problem has been fixed in version 2:4.1.8-1+deb8u6. We recommend that you upgrade your rails packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS Best, Utkarsh -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAl50CgkACgkQgj6WdgbD S5b4ag/+NAhjnmt91oQpApL8ke7S5GHhSHDzO0oV0gmpcSO977SbuQMS8hclgVGa y91os0W9smGq9A0Z5N7YD5RXTlykGTPjRkdP3U0UBopBfNgRgteKU0qtn7CVGKi7 qLlNWu+iykeyvRwYgi0j/mwJmrcaOAG2Clj2TycEXp6/b4r9Y41sMM1Ml00KRwrv D67ppuIZYMWHDX/qHIxLCxEBcCCIQPaz4Mkz93skNy4fEY6QsIETVG7jvSqLe4vy b6jY4aL45r/0vIo9A1LekkHJDvFMDEDX8qMPhzT5X2kfJcLItmIbdfIlhyJVUbHd BeHfy84dqs9byGNgaf2krSXOrfwnl+3UNEntFH19aMTyv11actUC84unPcW9eEYn AeRPEErik90Neh4SOP782orqF5Mwlh84CPGpzgCZkC3spcnR87dO7Rmj3+HFXGJY wxROS8bVhUXY4RxIP8kp4hGrDthcb2+9WR7ycKNexqR/lS0ejpM7vp7PodMwb3xY rjri8ZtRXDykwxVpsFa8dI4kjpinQ/aI0E+fJ9olLty7htC3J8fnywcwjuZs+iw9 VilGK18W6mqTXXZZ3t/8k4j7safHwHKuYOVtn0tb28QNcxFjWApyI37LhCoF0iQx s/B7hxhbgDukiMTEjEFWoy9ojTZFK2EuL4dn6EsRD/b5SkE5DuA= =g92i -----END PGP SIGNATURE-----
