-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.3191
                       ruby-kaminari security update
                             23 September 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           ruby-kaminari
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Cross-site Scripting -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-11082  

Reference:         ESB-2020.2265
                   ESB-2020.1890

Original Bulletin: 
   http://www.debian.org/lts/security/2021/dla-2763

- --------------------------BEGIN INCLUDED TEXT--------------------

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2763-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Markus Koschany
September 22, 2021                            https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : ruby-kaminari
Version        : 0.17.0-3+deb9u1
CVE ID         : CVE-2020-11082
Debian Bug     : 961847

A security vulnerability has been found in Kaminari, a pagination engine plugin
for Rails 3+ and other modern frameworks, that would allow an attacker to
inject arbitrary code into pages with pagination links.

For Debian 9 stretch, this problem has been fixed in version
0.17.0-3+deb9u1.

We recommend that you upgrade your ruby-kaminari packages.

For the detailed security status of ruby-kaminari please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ruby-kaminari

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================