FS#63978 - [ruby-rdoc] <6.1.2 CVE-2012-6708, CVE-2015-9251 (XSS in outdated bundled jQuery version)

Attached to Project: Arch Linux
Opened by Pascal Ernster (hardfalcon) - Tuesday, 01 October 2019, 14:42 GMT
Last edited by Antonio Rojas (arojas) - Wednesday, 02 October 2019, 10:56 GMT
Task Type: Bug Report
Category: Security
Status: Closed
Assigned To: No-one
Architecture: All
Severity: Low
Priority: Normal
Reported Version:
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 0
Private: No

Details

ruby-rdoc <=6.1.2 is affected by XSS vulnerabilities in an outdated jQuery version that is bundled within the package:
* CVE-2012-6708
* CVE-2015-9251
https://www.ruby-lang.org/en/news/2019/08/28/multiple-jquery-vulnerabilities-in-rdoc/

rdoc 6.1.2 and 6.2.0 removed the bundled jQuery library, thus fixing the above mentioned XSS vulnerabilities.

Closed by Antonio Rojas (arojas)
Wednesday, 02 October 2019, 10:56 GMT
Reason for closing: Fixed
Comment by Pascal Ernster (hardfalcon) - Tuesday, 01 October 2019, 14:43 GMT
Oops, should have been "ruby-rdoc <6.1.2" in the first line, sorry for the typo.
