CVE-2013-4492 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4492): Cross-site scripting (XSS) vulnerability in exceptions.rb in the i18n gem before 0.6.6 for Ruby allows remote attackers to inject arbitrary web script or HTML via a crafted I18n::MissingTranslationData.new call. @maintainers: I'm pretty sure that this affects the 0.4 slot. Is it possible to stabilize 0.6.6 and clean 0.4?
I checked the source. It seems to be not affected.
(In reply to GLSAMaker/CVETool Bot from comment #0) > CVE-2013-4492 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4492): > Cross-site scripting (XSS) vulnerability in exceptions.rb in the i18n gem > before 0.6.6 for Ruby allows remote attackers to inject arbitrary web > script > or HTML via a crafted I18n::MissingTranslationData.new call. > > > @maintainers: I'm pretty sure that this affects the 0.4 slot. Is it possible > to stabilize 0.6.6 and clean 0.4? i18n:0.4 is going to be masked this weekend due to rails 2.3 security bugs and the fact that we only support it for the deprecated ruby18.
Maintainer(s), Thank you for cleanup! No GLSA needed as there are no stable versions.