Upstream information
CVE-2011-0446 at MITRE
Description
Multiple cross-site scripting (XSS) vulnerabilities in the mail_to helper in Ruby on Rails before 2.3.11, and 3.x before 3.0.4, when javascript encoding is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) name or (2) email value.
NVD CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Novell/SUSE information
Novell Bugzilla entry:
668817
SUSE Security Advisories:
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|
SUSE Linux Enterprise Software Development Kit 11 SP1
SUSE Studio Standard Edition 1.2 | rubygem-actionmailer-2_3 >= 2.3.14-0.7.4.3rubygem-actionpack-2_3 >= 2.3.14-0.7.4.3rubygem-activerecord-2_3 >= 2.3.14-0.7.4.3rubygem-activeresource-2_3 >= 2.3.14-0.7.4.3rubygem-activesupport-2_3 >= 2.3.14-0.7.4.3rubygem-rack >= 1.1.2-0.8.8.3rubygem-rails >= 2.3.14-0.8.6.1rubygem-rails-2_3 >= 2.3.14-0.7.4.3
| Builds
SAT Patch Nr: 5884 |
SUSE Studio Extension for System z 1.2
SUSE Studio Onsite 1.2 [Appliance - Studio]
WebYaST 1.2 | rubygem-actionmailer-2_3 >= 2.3.14-0.7.4.3rubygem-actionpack-2_3 >= 2.3.14-0.7.4.3rubygem-activerecord-2_3 >= 2.3.14-0.7.4.3rubygem-activeresource-2_3 >= 2.3.14-0.7.4.3rubygem-activesupport-2_3 >= 2.3.14-0.7.4.3rubygem-rack >= 1.1.2-0.8.8.3rubygem-rails-2_3 >= 2.3.14-0.7.4.3
| Builds
SAT Patch Nr: 5884 |
SUSE Linux Enterprise Software Development Kit 11 SP1
SUSE Linux Enterprise Software Development Kit 11 SP2 | rubygem-actionpack-2_1 >= 2.1.2-1.12.2rubygem-activerecord-2_1 >= 2.1.2-1.4.5
| sle11-sp2-sdk.ia64
sle11-sp2-sdk.s390x
sle11-sp2-sdk.x86-64
sle11-sp1-sdk.s390x
sle11-sp1-sdk.x86-64
sle11-sp1-sdk.x86
sle11-sp2-sdk.ppc
sle11-sp1-sdk.ia64
sle11-sp1-sdk.ppc
sle11-sp2-sdk.x86
SAT Patch Nr: 5875 |
| openSUSE 11.3 | rubygem-actionmailer >= 2.3.14-0.3.1rubygem-actionmailer-2_3 >= 2.3.14-0.3.1rubygem-actionpack >= 2.3.14-0.3.1rubygem-actionpack-2_3 >= 2.3.14-0.2.1rubygem-activerecord >= 2.3.14-0.3.1rubygem-activerecord-2_3 >= 2.3.14-0.3.1rubygem-activeresource >= 2.3.14-0.3.1rubygem-activeresource-2_3 >= 2.3.14-0.3.1rubygem-activesupport >= 2.3.14-0.3.1rubygem-activesupport-2_3 >= 2.3.14-0.3.1rubygem-rack >= 1.1.2-0.3.1rubygem-rails >= 2.3.14-0.3.1rubygem-rails-2_3 >= 2.3.14-0.3.1
| |
| openSUSE 11.4 | rubygem-actionmailer >= 2.3.14-0.3.1rubygem-actionmailer-2_3 >= 2.3.14-0.3.1rubygem-actionmailer-2_3-doc >= 2.3.14-0.3.1rubygem-actionmailer-2_3-testsuite >= 2.3.14-0.3.1rubygem-actionpack >= 2.3.14-0.3.1rubygem-actionpack-2_3 >= 2.3.14-0.3.1rubygem-actionpack-2_3-doc >= 2.3.14-0.3.1rubygem-actionpack-2_3-testsuite >= 2.3.14-0.3.1rubygem-activerecord >= 2.3.14-0.3.1rubygem-activerecord-2_3 >= 2.3.14-0.3.1rubygem-activerecord-2_3-doc >= 2.3.14-0.3.1rubygem-activerecord-2_3-testsuite >= 2.3.14-0.3.1rubygem-activeresource >= 2.3.14-0.3.1rubygem-activeresource-2_3 >= 2.3.14-0.3.1rubygem-activeresource-2_3-doc >= 2.3.14-0.3.1rubygem-activeresource-2_3-testsuite >= 2.3.14-0.3.1rubygem-activesupport >= 2.3.14-0.3.1rubygem-activesupport-2_3 >= 2.3.14-0.3.1rubygem-activesupport-2_3-doc >= 2.3.14-0.3.1rubygem-rack >= 1.1.2-0.3.1rubygem-rails >= 2.3.14-0.3.1rubygem-rails-2_3 >= 2.3.14-0.3.1rubygem-rails-2_3-doc >= 2.3.14-0.3.1
| |
