Debian Security Advisory DSA 2888-1 (ruby-actionpack-3.2 - security update)

Summary
Toby Hsieh, Peter McLarnan, Ankit Gupta, Sudhir Rao and Kevin Reintjes discovered multiple cross-site scripting and denial of service vulnerabilities in Ruby Actionpack.
Solution
For the stable distribution (wheezy), these problems have been fixed in version 3.2.6-6+deb7u1. For the unstable distribution (sid), this problem has been fixed in version 3.2.16-3+0 of the rails-3.2 source package. We recommend that you upgrade your ruby-actionpack-3.2 packages.
Insight
Action Pack is a framework for web apps on Rails. Simple, battle-tested conventions for building and testing MVC web applications. Works with any Rack-compatible server.
Affected
ruby-actionpack-3.2 on Debian Linux
Detection
This check tests the installed software version using the apt package manager.
References