Arch Linux

FS#63978 - [ruby-rdoc] <6.1.2 CVE-2012-6708, CVE-2015-9251 (XSS in outdated bundled jQuery version)

Attached to Project: Arch Linux
Opened by Pascal E. (hardfalcon) - Tuesday, 01 October 2019, 14:42 GMT
Last edited by Antonio Rojas (arojas) - Wednesday, 02 October 2019, 10:56 GMT
Task Type: Bug Report
Category: Security
Status: Closed
Assigned To: No-one
Architecture: All
Severity: Low
Priority: Normal
Reported Version:
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 0
Private: No

Details

ruby-rdoc <=6.1.2 is affected by XSS vulnerabilities in an outdated jQuery version that is bundled within the package:
* CVE-2012-6708
* CVE-2015-9251
https://www.ruby-lang.org/en/news/2019/08/28/multiple-jquery-vulnerabilities-in-rdoc/

rdoc 6.1.2 and 6.2.0 removed the bundled jQuery library, thus fixing the above-mentioned XSS vulnerabilities.

Closed by Antonio Rojas (arojas)
Wednesday, 02 October 2019, 10:56 GMT
Reason for closing: Fixed

Comment by Pascal E. (hardfalcon) - Tuesday, 01 October 2019, 14:43 GMT
Oops, should have been "ruby-rdoc <6.1.2" in the first line, sorry for the typo.
