AVG-1041 log

Package ruby-rdoc
Status Fixed
Severity Medium
Type cross-site scripting
Affected 6.1.1-1
Fixed 6.1.2-1
Current 6.6.3.1-1 [extra-testing]
6.5.1.1-2 [extra]
Ticket FS#63978
Created Wed Oct 2 11:44:41 2019
Issue Severity Remote Type Description
CVE-2015-9251 Medium Yes Cross-site scripting
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing...
CVE-2012-6708 Medium Yes Cross-site scripting
jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a...
Date Advisory Package Type
02 Oct 2019 ASA-201910-4 ruby-rdoc cross-site scripting
References
https://www.ruby-lang.org/en/news/2019/08/28/multiple-jquery-vulnerabilities-in-rdoc/
Notes
RDoc is a static documentation generation tool, patching the tool itself is insufficient to mitigate these vulnerabilities. Documentations generated with previous versions have to be re-generated with newer RDoc.