December 9, 2009, 7:28 pm
542786 - rubygem-actionpack: XSS weakness in strip_tags
544329 - rubygem-actionpack: Potential CSRF protection circumvention
Two security issues were found in actionpack as shipped on Fedora 10. The first is a weakness in the strip_tags function in Ruby on Rails (bug 542786, CVE-2009-4214). The second is a possibility to circumvent protection against cross-site request forgery (CSRF) attacks (bug 544329). This new rpm will fix these issues...