[DRE-maint] Bug#971988: rails: CVE-2020-8264

Sun Oct 11 09:11:30 BST 2020

Source: rails
Version: 2:6.0.3.3+dfsg-1
Severity: normal
Tags: security upstream fixed-upstream
X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org>

Hi,

The following vulnerability was published for rails.

CVE-2020-8264[0]:
| Possible XSS Vulnerability in Action Pack in Development Mode

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-8264
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8264
[1] https://groups.google.com/g/rubyonrails-security/c/yQzUVfv42jk/m/oJWw-xhNAQAJ

Regards,
Salvatore