Back to bug 1036910
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Tomas Hoger | 2013-12-02 21:38:24 UTC | CC | security-response-team | |
| Red Hat Bugzilla | 2013-12-02 21:38:24 UTC | Doc Type | --- | Bug Fix |
| Tomas Hoger | 2013-12-02 21:39:19 UTC | CC | abaron, aortega, apevec, ayoung, bdunne, bgollahe, bkearney, bleanhar, briang, ccoleman, chrisw, cpelland, dallan, dmcphers, drieden, gkotton, hateya, jdetiber, jfrey, jialiu, jomara, jrafanie, kseifried, lhh, lmeyer, markmc, mmaslano, mmccune, obarenbo, pmyers, rbryant, sclewis, tdawson, tkramer, vondruch, xlecauch, yeylon | |
| Tomas Hoger | 2013-12-02 21:43:40 UTC | Whiteboard | impact=moderate,public=no,reported=20131201,source=distros,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,rhscl-1/rubygem-actionpack=affected,rhscl-1.1/ruby200-rubygem-actionpack=affected,sam-1/ruby193-rubygem-actionpack=affected,sam-1/rubygem-actionpack=affected,openshift-enterprise-1/ruby193-rubygem-actionpack=affected,openshift-1/ruby193-rubygem-actionpack=affected,openshift-1/rubygem-actionpack=affected,openstack-3/ruby193-rubygem-actionpack=affected,openstack-4/ruby193-rubygem-actionpack=affected,rhn_satellite_6/ruby193-rubygem-actionpack=affected,cfme-5/ruby193-rubygem-actionpack=affected,fedora-all/rubygem-actionpack=affected,epel-5/rubygem-actionpack=affected | impact=moderate,public=no,reported=20131201,source=distros,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,rhscl-1/ruby193-rubygem-actionpack=affected,rhscl-1.1/ruby200-rubygem-actionpack=affected,sam-1/ruby193-rubygem-actionpack=affected,sam-1/rubygem-actionpack=affected,openshift-enterprise-1/ruby193-rubygem-actionpack=affected,openshift-1/ruby193-rubygem-actionpack=affected,openshift-1/rubygem-actionpack=affected,openstack-3/ruby193-rubygem-actionpack=affected,openstack-4/ruby193-rubygem-actionpack=affected,rhn_satellite_6/ruby193-rubygem-actionpack=affected,cfme-5/ruby193-rubygem-actionpack=affected,fedora-all/rubygem-actionpack=affected,epel-5/rubygem-actionpack=affected |
| Tomas Hoger | 2013-12-02 21:48:00 UTC | Whiteboard | impact=moderate,public=no,reported=20131201,source=distros,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,rhscl-1/ruby193-rubygem-actionpack=affected,rhscl-1.1/ruby200-rubygem-actionpack=affected,sam-1/ruby193-rubygem-actionpack=affected,sam-1/rubygem-actionpack=affected,openshift-enterprise-1/ruby193-rubygem-actionpack=affected,openshift-1/ruby193-rubygem-actionpack=affected,openshift-1/rubygem-actionpack=affected,openstack-3/ruby193-rubygem-actionpack=affected,openstack-4/ruby193-rubygem-actionpack=affected,rhn_satellite_6/ruby193-rubygem-actionpack=affected,cfme-5/ruby193-rubygem-actionpack=affected,fedora-all/rubygem-actionpack=affected,epel-5/rubygem-actionpack=affected | impact=moderate,public=20131203,reported=20131201,source=distros,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,rhscl-1/ruby193-rubygem-actionpack=affected,rhscl-1.1/ruby200-rubygem-actionpack=affected,sam-1/ruby193-rubygem-actionpack=affected,sam-1/rubygem-actionpack=affected,openshift-enterprise-1/ruby193-rubygem-actionpack=affected,openshift-1/ruby193-rubygem-actionpack=affected,openshift-1/rubygem-actionpack=affected,openstack-3/ruby193-rubygem-actionpack=affected,openstack-4/ruby193-rubygem-actionpack=affected,rhn_satellite_6/ruby193-rubygem-actionpack=affected,cfme-5/ruby193-rubygem-actionpack=affected,fedora-all/rubygem-actionpack=affected,epel-5/rubygem-actionpack=affected |
| Tomas Hoger | 2013-12-02 22:07:53 UTC | Blocks | 1036411 | |
| Tomas Hoger | 2013-12-03 09:13:24 UTC | Depends On | 1036420 | |
| Tomas Hoger | 2013-12-03 09:31:45 UTC | Depends On | 1037487 | |
| Tomas Hoger | 2013-12-03 09:33:18 UTC | Depends On | 1036421 | |
| Tomas Hoger | 2013-12-04 08:42:58 UTC | Summary | EMBARGOED CVE-2013-6415 rubygem-actionpack: number_to_currency XSS | CVE-2013-6415 rubygem-actionpack: number_to_currency XSS |
| Tomas Hoger | 2013-12-04 08:43:12 UTC | Group | security, qe_staff | |
| Kurt Seifried | 2013-12-18 03:44:48 UTC | Depends On | 1036415 | |
| John Skeoch | 2014-01-13 01:08:21 UTC | CC | hateya | |
| John Skeoch | 2014-03-17 02:02:42 UTC | CC | abaron | iheim |
| John Skeoch | 2014-06-18 07:58:36 UTC | CC | tkramer | mmcgrath |
| Garth Mollett | 2014-06-23 13:09:45 UTC | CC | gmollett | |
| Whiteboard | impact=moderate,public=20131203,reported=20131201,source=distros,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,rhscl-1/ruby193-rubygem-actionpack=affected,rhscl-1.1/ruby200-rubygem-actionpack=affected,sam-1/ruby193-rubygem-actionpack=affected,sam-1/rubygem-actionpack=affected,openshift-enterprise-1/ruby193-rubygem-actionpack=affected,openshift-1/ruby193-rubygem-actionpack=affected,openshift-1/rubygem-actionpack=affected,openstack-3/ruby193-rubygem-actionpack=affected,openstack-4/ruby193-rubygem-actionpack=affected,rhn_satellite_6/ruby193-rubygem-actionpack=affected,cfme-5/ruby193-rubygem-actionpack=affected,fedora-all/rubygem-actionpack=affected,epel-5/rubygem-actionpack=affected | impact=moderate,public=20131203,reported=20131201,source=distros,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,rhscl-1/ruby193-rubygem-actionpack=affected,rhscl-1.1/ruby200-rubygem-actionpack=affected,sam-1/ruby193-rubygem-actionpack=affected,sam-1/rubygem-actionpack=affected,openshift-enterprise-1/ruby193-rubygem-actionpack=affected,openshift-1/ruby193-rubygem-actionpack=affected,openshift-1/rubygem-actionpack=affected,openstack-3/ruby193-rubygem-actionpack=affected,openstack-4/ruby193-rubygem-actionpack=notaffected,rhn_satellite_6/ruby193-rubygem-actionpack=affected,cfme-5/ruby193-rubygem-actionpack=affected,fedora-all/rubygem-actionpack=affected,epel-5/rubygem-actionpack=affected | ||
| John Skeoch | 2014-06-24 00:10:42 UTC | CC | dallan | |
| Kurt Seifried | 2014-07-16 04:55:23 UTC | Depends On | 1120007 | |
| Kurt Seifried | 2014-07-16 04:55:41 UTC | Depends On | 1120008 | |
| Kurt Seifried | 2014-10-28 23:09:34 UTC | Whiteboard | impact=moderate,public=20131203,reported=20131201,source=distros,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,rhscl-1/ruby193-rubygem-actionpack=affected,rhscl-1.1/ruby200-rubygem-actionpack=affected,sam-1/ruby193-rubygem-actionpack=affected,sam-1/rubygem-actionpack=affected,openshift-enterprise-1/ruby193-rubygem-actionpack=affected,openshift-1/ruby193-rubygem-actionpack=affected,openshift-1/rubygem-actionpack=affected,openstack-3/ruby193-rubygem-actionpack=affected,openstack-4/ruby193-rubygem-actionpack=notaffected,rhn_satellite_6/ruby193-rubygem-actionpack=affected,cfme-5/ruby193-rubygem-actionpack=affected,fedora-all/rubygem-actionpack=affected,epel-5/rubygem-actionpack=affected | impact=moderate,public=20131203,reported=20131201,source=distros,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,rhscl-1/ruby193-rubygem-actionpack=affected,rhscl-1.1/ruby200-rubygem-actionpack=affected,sam-1/ruby193-rubygem-actionpack=affected,sam-1/rubygem-actionpack=affected,openshift-enterprise-1/ruby193-rubygem-actionpack=wontfix,openshift-1/ruby193-rubygem-actionpack=affected,openshift-1/rubygem-actionpack=affected,openstack-3/ruby193-rubygem-actionpack=affected,openstack-4/ruby193-rubygem-actionpack=notaffected,rhn_satellite_6/ruby193-rubygem-actionpack=affected,cfme-5/ruby193-rubygem-actionpack=affected,fedora-all/rubygem-actionpack=affected,epel-5/rubygem-actionpack=affected |
| Kurt Seifried | 2014-11-01 01:21:50 UTC | Depends On | 1159435 | |
| John Skeoch | 2014-11-09 22:57:15 UTC | CC | jomara | athomas |
| Kurt Seifried | 2014-11-13 06:10:20 UTC | Blocks | 1000138 | |
| Martin Prpič | 2014-11-14 16:21:41 UTC | Doc Text | It was found that the number_to_currency Action View helper did not properly escape the unit parameter. An attacker could use this flaw to perform a cross-site scripting (XSS) attack on an application that uses data submitted by a user in the unit parameter. | |
| Kurt Seifried | 2014-11-18 20:54:48 UTC | Depends On | 1165381 | |
| Kurt Seifried | 2014-11-18 20:54:53 UTC | Depends On | 1165382 | |
| Ján Rusnačko | 2014-11-21 09:07:47 UTC | CC | jrusnack | |
| Whiteboard | impact=moderate,public=20131203,reported=20131201,source=distros,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,rhscl-1/ruby193-rubygem-actionpack=affected,rhscl-1.1/ruby200-rubygem-actionpack=affected,sam-1/ruby193-rubygem-actionpack=affected,sam-1/rubygem-actionpack=affected,openshift-enterprise-1/ruby193-rubygem-actionpack=wontfix,openshift-1/ruby193-rubygem-actionpack=affected,openshift-1/rubygem-actionpack=affected,openstack-3/ruby193-rubygem-actionpack=affected,openstack-4/ruby193-rubygem-actionpack=notaffected,rhn_satellite_6/ruby193-rubygem-actionpack=affected,cfme-5/ruby193-rubygem-actionpack=affected,fedora-all/rubygem-actionpack=affected,epel-5/rubygem-actionpack=affected | impact=moderate,public=20131203,reported=20131201,source=distros,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,rhscl-1/ruby193-rubygem-actionpack=affected,rhscl-1.1/ruby200-rubygem-actionpack=affected,sam-1/ruby193-rubygem-actionpack=affected,sam-1/rubygem-actionpack=affected,openshift-enterprise-1/ruby193-rubygem-actionpack=wontfix,openshift-1/ruby193-rubygem-actionpack=affected,openshift-1/rubygem-actionpack=affected,openstack-3/ruby193-rubygem-actionpack=affected,openstack-4/ruby193-rubygem-actionpack=notaffected,rhn_satellite_6/ruby193-rubygem-actionpack=affected,cfme-5/ruby193-rubygem-actionpack=affected,fedora-all/rubygem-actionpack=affected,epel-5/rubygem-actionpack=affected,cwe=CWE-79 | ||
| Kurt Seifried | 2015-01-17 05:35:41 UTC | Status | NEW | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2015-01-17 00:35:41 UTC | |||
| Perry Myers | 2016-04-26 16:42:27 UTC | CC | pmyers | |
| Product Security DevOps Team | 2019-09-29 13:10:38 UTC | Whiteboard | impact=moderate,public=20131203,reported=20131201,source=distros,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,rhscl-1/ruby193-rubygem-actionpack=affected,rhscl-1.1/ruby200-rubygem-actionpack=affected,sam-1/ruby193-rubygem-actionpack=affected,sam-1/rubygem-actionpack=affected,openshift-enterprise-1/ruby193-rubygem-actionpack=wontfix,openshift-1/ruby193-rubygem-actionpack=affected,openshift-1/rubygem-actionpack=affected,openstack-3/ruby193-rubygem-actionpack=affected,openstack-4/ruby193-rubygem-actionpack=notaffected,rhn_satellite_6/ruby193-rubygem-actionpack=affected,cfme-5/ruby193-rubygem-actionpack=affected,fedora-all/rubygem-actionpack=affected,epel-5/rubygem-actionpack=affected,cwe=CWE-79 | |
| Tomas Hoger | 2020-02-28 15:45:00 UTC | CC | hhorak, jorton, ruby-maint |
Back to bug 1036910