Fedora Core 10 FEDORA-2009-9799 (rubygem-activesupport)

Summary
The remote host is missing an update to rubygem-activesupport announced via advisory FEDORA-2009-9799.
Solution
Apply the appropriate updates. This update can be installed with the yum update program. Use su -c 'yum update rubygem-activesupport' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/. https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-9799
Insight
Update Information: A vulnerability is found on Ruby on Rails in the escaping code for the form helpers, which also affects the rpms shipped in Fedora Project. Attackers who can inject deliberately malformed unicode strings into the form helpers can defeat the escaping checks and inject arbitrary HTML. This issue has been tagged as CVE-2009-3009. These new rpms will fix this issue. ChangeLog: * Mon Sep 21 2009 Mamoru Tasaka - 2.1.1-2 - Patch for CVE-2009-3009 (bug 520843)
References