Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#63978 - [ruby-rdoc] <6.1.2 CVE-2012-6708, CVE-2015-9251 (XSS in outdated bundles jQuery version)
Attached to Project:
Arch Linux
Opened by Pascal Ernster (hardfalcon) - Tuesday, 01 October 2019, 14:42 GMT
Last edited by Antonio Rojas (arojas) - Wednesday, 02 October 2019, 10:56 GMT
Opened by Pascal Ernster (hardfalcon) - Tuesday, 01 October 2019, 14:42 GMT
Last edited by Antonio Rojas (arojas) - Wednesday, 02 October 2019, 10:56 GMT
|
Detailsruby-rdoc <=6.1.2 is affected by XSS vulnerabilities in an outdated jQuery version that is bundled within the package:
* CVE-2012-6708 * CVE-2015-9251 https://www.ruby-lang.org/en/news/2019/08/28/multiple-jquery-vulnerabilities-in-rdoc/ rdoc 6.1.2 and 6.2.0 removed the bundled jQuery library, thus fixing the above mentioned XSS vulnerabilities. |
This task depends upon
Comment by Pascal Ernster (hardfalcon) -
Tuesday, 01 October 2019, 14:43 GMT
Oops, should have been "ruby-rdoc <6.1.2" in the first line, sorry for the typo.