Debian Security Advisory DSA 2830-1 (ruby-i18n - cross-site scripting)

Summary
Peter McLarnan discovered that the internationalization component of Ruby on Rails does not properly encode parameters in generated HTML code, resulting in a cross-site scripting vulnerability. This update corrects the underlying vulnerability in the i18n gem, as provided by the ruby-i18n package. The oldstable distribution (squeeze) is not affected by this problem; the libi18n-ruby package does not contain the vulnerable code.
Solution
For the stable distribution (wheezy), this problem has been fixed in version 0.6.0-3+deb7u1. For the unstable distribution (sid), this problem has been fixed in version 0.6.9-1. We recommend that you upgrade your ruby-i18n packages.
Insight
Implementation of the Ruby on Rails I18n core API. This is the same I18n library included in the Ruby on Rails framework, but provided outside of that framework for those who wish to use it without pulling the entire Ruby on Rails framework.
Affected
ruby-i18n on Debian Linux
Detection
This check tests the installed software version using the apt package manager.