Two vulnerabilities were discovered in Ruby on Rails, a web application framework. The Common Vulnerabilities and Exposures project identifies the following problems:
The cookie store may be vulnerable to a timing attack, potentially allowing remote attackers to forge message digests.
A cross-site scripting vulnerability in the strip_tags function allows remote user-assisted attackers to inject arbitrary web script.
For the oldstable distribution (lenny), these problems have been fixed in version 2.1.0-7+lenny0.2.
For the other distributions, these problems have been fixed in version 2.2.3-2.
We recommend that you upgrade your rails packages.