Summary: | <dev-ruby/actionpack-6.0.3.4: XSS vulnerability (CVE-2020-8264) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | ruby |
Priority: | Normal | Flags: | nattka: sanity-check- |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://groups.google.com/g/rubyonrails-security/c/yQzUVfv42jk/m/oJWw-xhNAQAJ | ||
Whiteboard: | B4 [noglsa] | ||
Package list: | | Runtime testing required: | --- |
Description
Sam James
2021-01-07 14:35:31 UTC
Unable to check for sanity:
> no match for package: dev-ruby/actionpack-6.0.34
Sanity check failed:
> dev-ruby/actionpack-6.0.3.4
> bdepend amd64 dev profile default/linux/amd64/17.0/no-multilib/prefix/kernel-3.2+ (3 total)
> ~dev-ruby/actionview-6.0.3.4[ruby_targets_ruby25(-)]
> ~dev-ruby/actionview-6.0.3.4[ruby_targets_ruby26(-)]
> ~dev-ruby/activemodel-6.0.3.4[ruby_targets_ruby25(-)]
> ~dev-ruby/activemodel-6.0.3.4[ruby_targets_ruby26(-)]
> ~dev-ruby/activesupport-6.0.3.4[ruby_targets_ruby25(-)]
> ~dev-ruby/activesupport-6.0.3.4[ruby_targets_ruby26(-)]
> ~dev-ruby/railties-6.0.3.4[ruby_targets_ruby25(-)]
> ~dev-ruby/railties-6.0.3.4[ruby_targets_ruby26(-)]
> bdepend amd64 stable profile default/linux/amd64/17.1 (14 total)
> ~dev-ruby/actionview-6.0.3.4[ruby_targets_ruby25(-)]
> ~dev-ruby/actionview-6.0.3.4[ruby_targets_ruby26(-)]
> ~dev-ruby/activemodel-6.0.3.4[ruby_targets_ruby25(-)]
> ~dev-ruby/activemodel-6.0.3.4[ruby_targets_ruby26(-)]
> ~dev-ruby/activesupport-6.0.3.4[ruby_targets_ruby25(-)]
> ~dev-ruby/activesupport-6.0.3.4[ruby_targets_ruby26(-)]
> ~dev-ruby/railties-6.0.3.4[ruby_targets_ruby25(-)]
> ~dev-ruby/railties-6.0.3.4[ruby_targets_ruby26(-)]
> rdepend amd64 dev profile default/linux/amd64/17.0/no-multilib/prefix/kernel-3.2+ (3 total)
> ~dev-ruby/actionview-6.0.3.4[ruby_targets_ruby25(-)]
> ~dev-ruby/actionview-6.0.3.4[ruby_targets_ruby26(-)]
> ~dev-ruby/activesupport-6.0.3.4[ruby_targets_ruby25(-)]
> ~dev-ruby/activesupport-6.0.3.4[ruby_targets_ruby26(-)]
> rdepend amd64 stable profile default/linux/amd64/17.1 (14 total)
> ~dev-ruby/actionview-6.0.3.4[ruby_targets_ruby25(-)]
> ~dev-ruby/actionview-6.0.3.4[ruby_targets_ruby26(-)]
> ~dev-ruby/activesupport-6.0.3.4[ruby_targets_ruby25(-)]
> ~dev-ruby/activesupport-6.0.3.4[ruby_targets_ruby26(-)]
Not sure what the point of the package list is here. There are no vulnerable versions in the tree anymore so it looks like we are done here.

(In reply to Hans de Graaff from comment #3)
> Not sure what the point of the package list is here. There are no vulnerable
> versions in the tree anymore so it looks like we are done here.

Sorry, you're right, only 6.x is vulnerable anyway. Thank you.