svn commit: r535637 - head/security/vuxml
Sunpoet Po-Chuan Hsieh
sunpoet at FreeBSD.org
Sun May 17 18:33:15 UTC 2020
Author: sunpoet
Date: Sun May 17 18:33:09 2020
New Revision: 535637
URL: https://svnweb.freebsd.org/changeset/ports/535637
Log:
Document rails vulnerability
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Sun May 17 18:32:50 2020 (r535636)
+++ head/security/vuxml/vuln.xml Sun May 17 18:33:09 2020 (r535637)
@@ -58,6 +58,36 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="ce6db19b-976e-11ea-93c4-08002728f74c">
+ <topic>Rails -- remote code execution vulnerability</topic>
+ <affects>
+ <package>
+ <name>rubygem-actionview4</name>
+ <range><lt>4.2.11.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Ruby on Rails blog:</p>
+ <blockquote cite="https://weblog.rubyonrails.org/2020/5/16/rails-4-2-11-3-has-been-released/">
+ <p>Due to an unfortunate oversight, Rails 4.2.11.2 has a missing constant
+ error. To address this Rails 4.2.11.3 has been released.</p>
+ <p>The original announcement for CVE-2020-8163 has a follow-up message
+ with an updated patch if you’re unable to use the gems.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://weblog.rubyonrails.org/2020/5/16/rails-4-2-11-3-has-been-released/</url>
+ <url>https://groups.google.com/forum/#!topic/rubyonrails-security/hWuKcHyoKh0</url>
+ <cvename>CVE-2020-8163</cvename>
+ </references>
+ <dates>
+ <discovery>2020-05-15</discovery>
+ <entry>2020-05-16</entry>
+ </dates>
+ </vuln>
+
<vuln vid="6bf55af9-973b-11ea-9f2c-38d547003487">
<topic>salt -- multiple vulnerabilities in salt-master process</topic>
<affects>
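Review bot: the `<entry>` date of 2020-05-16 in the new `<dates>` block is a day earlier than this commit's own timestamp (Sun May 17 2020 UTC). If `<entry>` is meant to record when the record was added to vuln.xml, it should read 2020-05-17. Separately, the quoted `<blockquote>` only covers the 4.2.11.3 follow-up release for a missing constant error and never says what the remote code execution named in the `<topic>` actually is, so the rendered entry does not tell a reader what the risk is. Consider quoting the CVE-2020-8163 announcement from the rubyonrails-security reference instead. The quote also leaves it unclear whether `<lt>4.2.11.2</lt>` is the intended boundary, given that 4.2.11.2 is described as having an error; a short confirmation in the commit log that 4.2.11.2 already carries the fix would settle that.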