rails (2:6.0.3.7+dfsg-2+deb11u2) bullseye-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * CVE-2023-23913: a DOM based cross-site scripting in rails-ujs for
    contenteditable HTML.
  * CVE-2023-28120: Possible XSS Security Vulnerability in
    SafeBuffer#bytesplice.
  * Address a regression introduced in the fix of CVE-2021-22942.

 -- Aron Xu <email address hidden>  Fri, 07 Apr 2023 01:30:34 +0800