A vulnerability is found on Ruby on Rails in the escaping code for the form helpers, which also affects the rpms shipped in Fedora Project. Attackers who can inject deliberately malformed unicode strings into the form helpers can defeat the escaping checks and inject arbitrary HTML. This issue has been tagged as CVE-2009-3009.
These new rpms will fix this issue.
Please login to add feedback.
This update has been pushed to stable