Bug 1039435 (CVE-2013-4492)

Summary: CVE-2013-4492 rubygem-i18n: cross-site scripting flaw in exception handling
Product: [Other] Security Response Reporter: Murray McAllister <mmcallis>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED WONTFIX QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: abaron, akarol, aortega, apevec, athomas, ayoung, bdunne, bgollahe, bkabrda, bkearney, bleanhar, bmidwood, cbillett, ccoleman, chrisw, cpelland, dajohnso, dallan, dclarizi, dmcphers, dmetzger, drieden, gkotton, gmccullo, gtanzill, iheim, jdetiber, jfrey, jhardy, jialiu, jkeck, jokerman, jorton, jprause, jrafanie, jrusnack, jstribny, jvlcek, katello-bugs, kseifried, lhh, lmeyer, markmc, mburns, mmaslano, mmccomas, mmccune, mmcgrath, nobody+bgollahe, obarenbo, rbryant, rhos-maint, roliveri, sclewis, simaishi, smallamp, tdawson, tomckay, vondruch, xlecauch, yeylon
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-01-20 16:56:31 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1039441, 1159436, 1159437    
Bug Blocks: 1039439    

Description Murray McAllister 2013-12-09 05:14:47 UTC 
A cross-site scripting flaw was found in the Ruby i18n gem. A remote attacker could use this flaw to perform cross-site scripting attacks against other users.

References:

https://github.com/svenfuchs/i18n/commit/92b57b1e4f84adcdcc3a375278f299274be62445
https://bugzilla.novell.com/show_bug.cgi?id=854166
Comment 1 Murray McAllister 2013-12-09 05:32:11 UTC 
Created rubygem-i18n tracking bugs for this issue:

Affects: fedora-all [bug 1039441]
Comment 2 Fedora Update System 2013-12-19 07:04:33 UTC 
rubygem-i18n-0.6.0-2.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 3 Fedora Update System 2013-12-19 07:05:44 UTC 
rubygem-i18n-0.6.1-4.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 4 Fedora Update System 2013-12-19 07:07:59 UTC 
rubygem-i18n-0.6.4-3.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.