rails (2:6.0.3.7+dfsg-2+deb11u2) bullseye-security; urgency=high
* Non-maintainer upload by the Security Team.
* CVE-2023-23913: a DOM based cross-site scripting in rails-ujs
for contenteditable HTML.
* CVE-2023-28120: Possible XSS Security Vulnerability in
SafeBuffer#bytesplice.
* Address a regression introduced in the fix of CVE-2021-22942.
-- Aron Xu <email address hidden> Fri, 07 Apr 2023 01:30:34 +0800