Back to bug 1036922

Who When What Removed Added
Tomas Hoger 2013-12-02 22:19:09 UTC CC security-response-team
Red Hat Bugzilla 2013-12-02 22:19:09 UTC Doc Type --- Bug Fix
Tomas Hoger 2013-12-02 22:20:06 UTC CC abaron, aortega, apevec, ayoung, bdunne, bgollahe, bkearney, bleanhar, briang, ccoleman, chrisw, cpelland, dallan, dmcphers, drieden, gkotton, hateya, jdetiber, jfrey, jialiu, jomara, jrafanie, kseifried, lhh, lmeyer, markmc, mmaslano, mmccune, obarenbo, pmyers, rbryant, sclewis, tdawson, tkramer, vondruch, xlecauch, yeylon
Tomas Hoger 2013-12-02 22:21:18 UTC Whiteboard impact=moderate,public=20131203,reported=20131201,source=distros,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,rhscl-1/rubygem-actionpack=affected,rhscl-1.1/ruby200-rubygem-actionpack=affected,sam-1/ruby193-rubygem-actionpack=affected,sam-1/rubygem-actionpack=affected,openshift-enterprise-1/ruby193-rubygem-actionpack=affected,openshift-1/ruby193-rubygem-actionpack=affected,openshift-1/rubygem-actionpack=affected,openstack-3/ruby193-rubygem-actionpack=affected,openstack-4/ruby193-rubygem-actionpack=affected,rhn_satellite_6/ruby193-rubygem-actionpack=affected,cfme-5/ruby193-rubygem-actionpack=affected,fedora-all/rubygem-actionpack=affected,epel-5/rubygem-actionpack=notaffected impact=moderate,public=20131203,reported=20131201,source=distros,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,rhscl-1/ruby193-rubygem-actionpack=affected,rhscl-1.1/ruby200-rubygem-actionpack=affected,sam-1/ruby193-rubygem-actionpack=affected,sam-1/rubygem-actionpack=affected,openshift-enterprise-1/ruby193-rubygem-actionpack=affected,openshift-1/ruby193-rubygem-actionpack=affected,openshift-1/rubygem-actionpack=affected,openstack-3/ruby193-rubygem-actionpack=affected,openstack-4/ruby193-rubygem-actionpack=affected,rhn_satellite_6/ruby193-rubygem-actionpack=affected,cfme-5/ruby193-rubygem-actionpack=affected,fedora-all/rubygem-actionpack=affected,epel-5/rubygem-actionpack=notaffected
Tomas Hoger 2013-12-03 09:13:24 UTC Depends On 1036420
Tomas Hoger 2013-12-03 09:31:45 UTC Depends On 1037487
Tomas Hoger 2013-12-03 09:33:18 UTC Depends On 1036421
Tomas Hoger 2013-12-04 08:49:48 UTC Summary EMBARGOED CVE-2013-4491 rubygem-actionpack: i18n missing translation XSS CVE-2013-4491 rubygem-actionpack: i18n missing translation XSS
Tomas Hoger 2013-12-04 08:50:04 UTC Group security, qe_staff
Tomas Hoger 2013-12-05 21:56:32 UTC Blocks 1036411
Kurt Seifried 2013-12-18 03:44:48 UTC Depends On 1036415
John Skeoch 2014-01-13 01:08:21 UTC CC hateya
John Skeoch 2014-03-17 02:02:42 UTC CC abaron iheim
John Skeoch 2014-06-18 07:58:36 UTC CC tkramer mmcgrath
Garth Mollett 2014-06-23 13:12:34 UTC CC gmollett
Whiteboard impact=moderate,public=20131203,reported=20131201,source=distros,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,rhscl-1/ruby193-rubygem-actionpack=affected,rhscl-1.1/ruby200-rubygem-actionpack=affected,sam-1/ruby193-rubygem-actionpack=affected,sam-1/rubygem-actionpack=affected,openshift-enterprise-1/ruby193-rubygem-actionpack=affected,openshift-1/ruby193-rubygem-actionpack=affected,openshift-1/rubygem-actionpack=affected,openstack-3/ruby193-rubygem-actionpack=affected,openstack-4/ruby193-rubygem-actionpack=affected,rhn_satellite_6/ruby193-rubygem-actionpack=affected,cfme-5/ruby193-rubygem-actionpack=affected,fedora-all/rubygem-actionpack=affected,epel-5/rubygem-actionpack=notaffected impact=moderate,public=20131203,reported=20131201,source=distros,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,rhscl-1/ruby193-rubygem-actionpack=affected,rhscl-1.1/ruby200-rubygem-actionpack=affected,sam-1/ruby193-rubygem-actionpack=affected,sam-1/rubygem-actionpack=affected,openshift-enterprise-1/ruby193-rubygem-actionpack=affected,openshift-1/ruby193-rubygem-actionpack=affected,openshift-1/rubygem-actionpack=affected,openstack-3/ruby193-rubygem-actionpack=affected,openstack-4/ruby193-rubygem-actionpack=notaffected,rhn_satellite_6/ruby193-rubygem-actionpack=affected,cfme-5/ruby193-rubygem-actionpack=affected,fedora-all/rubygem-actionpack=affected,epel-5/rubygem-actionpack=notaffected
John Skeoch 2014-06-24 00:10:42 UTC CC dallan
Kurt Seifried 2014-07-16 04:56:48 UTC Depends On 1120007
Kurt Seifried 2014-07-16 04:57:07 UTC Depends On 1120008
Kurt Seifried 2014-10-28 23:09:25 UTC Whiteboard impact=moderate,public=20131203,reported=20131201,source=distros,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,rhscl-1/ruby193-rubygem-actionpack=affected,rhscl-1.1/ruby200-rubygem-actionpack=affected,sam-1/ruby193-rubygem-actionpack=affected,sam-1/rubygem-actionpack=affected,openshift-enterprise-1/ruby193-rubygem-actionpack=affected,openshift-1/ruby193-rubygem-actionpack=affected,openshift-1/rubygem-actionpack=affected,openstack-3/ruby193-rubygem-actionpack=affected,openstack-4/ruby193-rubygem-actionpack=notaffected,rhn_satellite_6/ruby193-rubygem-actionpack=affected,cfme-5/ruby193-rubygem-actionpack=affected,fedora-all/rubygem-actionpack=affected,epel-5/rubygem-actionpack=notaffected impact=moderate,public=20131203,reported=20131201,source=distros,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,rhscl-1/ruby193-rubygem-actionpack=affected,rhscl-1.1/ruby200-rubygem-actionpack=affected,sam-1/ruby193-rubygem-actionpack=affected,sam-1/rubygem-actionpack=affected,openshift-enterprise-1/ruby193-rubygem-actionpack=wontfix,openshift-1/ruby193-rubygem-actionpack=affected,openshift-1/rubygem-actionpack=affected,openstack-3/ruby193-rubygem-actionpack=affected,openstack-4/ruby193-rubygem-actionpack=notaffected,rhn_satellite_6/ruby193-rubygem-actionpack=affected,cfme-5/ruby193-rubygem-actionpack=affected,fedora-all/rubygem-actionpack=affected,epel-5/rubygem-actionpack=notaffected
Kurt Seifried 2014-11-01 01:24:52 UTC Depends On 1159440
Kurt Seifried 2014-11-05 05:21:22 UTC Whiteboard impact=moderate,public=20131203,reported=20131201,source=distros,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,rhscl-1/ruby193-rubygem-actionpack=affected,rhscl-1.1/ruby200-rubygem-actionpack=affected,sam-1/ruby193-rubygem-actionpack=affected,sam-1/rubygem-actionpack=affected,openshift-enterprise-1/ruby193-rubygem-actionpack=wontfix,openshift-1/ruby193-rubygem-actionpack=affected,openshift-1/rubygem-actionpack=affected,openstack-3/ruby193-rubygem-actionpack=affected,openstack-4/ruby193-rubygem-actionpack=notaffected,rhn_satellite_6/ruby193-rubygem-actionpack=affected,cfme-5/ruby193-rubygem-actionpack=affected,fedora-all/rubygem-actionpack=affected,epel-5/rubygem-actionpack=notaffected impact=moderate,public=20131203,reported=20131201,source=distros,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,rhscl-1/ruby193-rubygem-actionpack=affected,rhscl-1.1/ruby200-rubygem-actionpack=affected,sam-1/ruby193-rubygem-actionpack=affected,sam-1/rubygem-actionpack=affected,openshift-enterprise-1/ruby193-rubygem-actionpack=wontfix,openshift-1/ruby193-rubygem-actionpack=affected,openshift-1/rubygem-actionpack=affected,openstack-3/ruby193-rubygem-actionpack=affected,openstack-4/ruby193-rubygem-actionpack=notaffected,rhn_satellite_6/ruby193-rubygem-actionpack=affected,cfme-5/ruby193-rubygem-actionpack=wontfix,fedora-all/rubygem-actionpack=affected,epel-5/rubygem-actionpack=notaffected
John Skeoch 2014-11-09 22:57:15 UTC CC jomara athomas
Kurt Seifried 2014-11-13 06:10:06 UTC Blocks 1000138
Martin Prpič 2014-11-14 16:20:49 UTC Doc Text It was discovered that the internationalization component of Ruby on Rails could, under certain circumstances, return a fallback HTML string that contained user input. A remote attacker could possibly use this flaw to perform a reflective cross-site scripting (XSS) attack by providing a specially crafted input to an application using the aforementioned component.
Kurt Seifried 2014-11-18 20:49:35 UTC Depends On 1165370
Kurt Seifried 2014-11-18 20:49:40 UTC Depends On 1165371
Ján Rusnačko 2014-11-21 09:08:04 UTC CC jrusnack
Whiteboard impact=moderate,public=20131203,reported=20131201,source=distros,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,rhscl-1/ruby193-rubygem-actionpack=affected,rhscl-1.1/ruby200-rubygem-actionpack=affected,sam-1/ruby193-rubygem-actionpack=affected,sam-1/rubygem-actionpack=affected,openshift-enterprise-1/ruby193-rubygem-actionpack=wontfix,openshift-1/ruby193-rubygem-actionpack=affected,openshift-1/rubygem-actionpack=affected,openstack-3/ruby193-rubygem-actionpack=affected,openstack-4/ruby193-rubygem-actionpack=notaffected,rhn_satellite_6/ruby193-rubygem-actionpack=affected,cfme-5/ruby193-rubygem-actionpack=wontfix,fedora-all/rubygem-actionpack=affected,epel-5/rubygem-actionpack=notaffected impact=moderate,public=20131203,reported=20131201,source=distros,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,rhscl-1/ruby193-rubygem-actionpack=affected,rhscl-1.1/ruby200-rubygem-actionpack=affected,sam-1/ruby193-rubygem-actionpack=affected,sam-1/rubygem-actionpack=affected,openshift-enterprise-1/ruby193-rubygem-actionpack=wontfix,openshift-1/ruby193-rubygem-actionpack=affected,openshift-1/rubygem-actionpack=affected,openstack-3/ruby193-rubygem-actionpack=affected,openstack-4/ruby193-rubygem-actionpack=notaffected,rhn_satellite_6/ruby193-rubygem-actionpack=affected,cfme-5/ruby193-rubygem-actionpack=wontfix,fedora-all/rubygem-actionpack=affected,epel-5/rubygem-actionpack=notaffected,cwe=CWE-79
Kurt Seifried 2015-01-17 05:35:48 UTC Status NEW CLOSED
Resolution --- ERRATA
Last Closed 2015-01-17 00:35:48 UTC
Perry Myers 2016-04-26 14:06:44 UTC CC pmyers
Product Security DevOps Team 2019-09-29 13:10:38 UTC Whiteboard impact=moderate,public=20131203,reported=20131201,source=distros,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,rhscl-1/ruby193-rubygem-actionpack=affected,rhscl-1.1/ruby200-rubygem-actionpack=affected,sam-1/ruby193-rubygem-actionpack=affected,sam-1/rubygem-actionpack=affected,openshift-enterprise-1/ruby193-rubygem-actionpack=wontfix,openshift-1/ruby193-rubygem-actionpack=affected,openshift-1/rubygem-actionpack=affected,openstack-3/ruby193-rubygem-actionpack=affected,openstack-4/ruby193-rubygem-actionpack=notaffected,rhn_satellite_6/ruby193-rubygem-actionpack=affected,cfme-5/ruby193-rubygem-actionpack=wontfix,fedora-all/rubygem-actionpack=affected,epel-5/rubygem-actionpack=notaffected,cwe=CWE-79
Tomas Hoger 2020-02-28 15:46:15 UTC CC hhorak, jorton, ruby-maint
