Summary: | <dev-ruby/jquery-rails-{3.1.3:3,4.0.4:4}: CSRF (CVE-2015-1840) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Hans de Graaff <graaff> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | ruby |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://groups.google.com/forum/#!topic/rubyonrails-security/XIZPbobuwaY | ||
Whiteboard: | ~4 [noglsa cve] | ||
Package list: | | Runtime testing required: | --- |
Description
Hans de Graaff
2015-06-16 20:08:02 UTC
dev-ruby/jquery-rails-3.1.3 and dev-ruby/jquery-rails-4.0.4 are now in the Gentoo tree. dev-ruby/jquery-rails:2 is not mentioned in the CVE but assumed to be vulnerable as well. It will be masked for removal along with dev-ruby/best_in_place-2.1.0 which still depends on it.

We still have a pending version bump for best_in_place that should probably be done first.

I removed vulnerable versions for slot :3 and :4. Still waiting for :2.

best_in_place-3.0.3 is now in the tree. Nothing in the tree depends on it, so I've removed the old version right away.

Security: Please ack that no GLSA is needed (no stable) and mark as resolved.