-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5389-1                   security@debian.org
https://www.debian.org/security/                                  Aron Xu
April 14, 2023                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : rails
CVE ID         : CVE-2023-23913 CVE-2023-28120
Debian Bug     : 1033262 1033263

Brief introduction 

Two vulnerabilities were discovered in rails, the Ruby based server-side
MVC web application framework, which could lead to XSS and DOM based
cross-site scripting (CRS).

This update also fixes a regression introduced in previous update that
may block certain access for apps using development environment.

For the stable distribution (bullseye), these problems have been fixed in
version 2:6.0.3.7+dfsg-2+deb11u2.

We recommend that you upgrade your rails packages.

For the detailed security status of rails please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/rails

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEhhz+aYQl/Bp4OTA7O1LKKgqv2VQFAmQ5gEQACgkQO1LKKgqv
2VT/iwgAvAA/wob57s9L6OseUHQL9E83qcGgmyukO5rPg0v+DSJXNWZP76ntGemf
HQPeD73OqjBymt9JBSkI7ZGqDA8VvqR/5TvXF4IUlVyQ7CQ7DEHcJJVDcMH4MVIK
zgl6mGk3eeqZf1e2TmV5+NUkLcOEi8JPlcnA8umue6GiGMOVpee6h57omEJjLrbI
WuZc5z4+OEX1PVCgEVVbfsgxY8R43Eu6+3RPciYHkuo/spY6sdqFGWojvVEM25qZ
49Nae4JcUFmK1VWprzZstrlSCaXVmiBQ/grUtHXyMd5jGSHVh7XFdl98ggKasUiU
SS3cOqNJS9WzFK6oLORMXfI4iIklNQ==
=FKaG
-----END PGP SIGNATURE-----