FS#63978 : [ruby-rdoc] <6.1.2 CVE-2012-6708, CVE-2015-9251 (XSS in outdated bundles jQuery version)

FS#63978 - [ruby-rdoc] <6.1.2 CVE-2012-6708, CVE-2015-9251 (XSS in outdated bundles jQuery version)

Attached to Project: Arch Linux
Opened by Pascal Ernster (hardfalcon) - Tuesday, 01 October 2019, 14:42 GMT
Last edited by Antonio Rojas (arojas) - Wednesday, 02 October 2019, 10:56 GMT

Task Type	Bug Report
Category	Security
Status	Closed
Assigned To	No-one
Architecture	All
Severity	Low
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	0
Private	No

Details

ruby-rdoc <=6.1.2 is affected by XSS vulnerabilities in an outdated jQuery version that is bundled within the package:
* CVE-2012-6708
* CVE-2015-9251
https://www.ruby-lang.org/en/news/2019/08/28/multiple-jquery-vulnerabilities-in-rdoc/

rdoc 6.1.2 and 6.2.0 removed the bundled jQuery library, thus fixing the above mentioned XSS vulnerabilities.

This task depends upon

Closed by Antonio Rojas (arojas)
Wednesday, 02 October 2019, 10:56 GMT
Reason for closing: Fixed

Comment by Pascal Ernster (hardfalcon) - Tuesday, 01 October 2019, 14:43 GMT

Oops, should have been "ruby-rdoc <6.1.2" in the first line, sorry for the typo.

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#63978 - [ruby-rdoc] <6.1.2 CVE-2012-6708, CVE-2015-9251 (XSS in outdated bundles jQuery version)

Details

Loading...