Version in base suite: 0.9.28-2 Base version: yard_0.9.28-2 Target version: yard_0.9.28-2+deb12u1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/y/yard/yard_0.9.28-2.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/y/yard/yard_0.9.28-2+deb12u1.dsc changelog | 7 +++++++ patches/CVE-2024-27285.patch | 27 +++++++++++++++++++++++++++ patches/series | 1 + 3 files changed, 35 insertions(+) diff -Nru yard-0.9.28/debian/changelog yard-0.9.28/debian/changelog --- yard-0.9.28/debian/changelog 2023-02-08 15:59:48.000000000 +0000 +++ yard-0.9.28/debian/changelog 2024-02-28 21:23:28.000000000 +0000 @@ -1,3 +1,10 @@ +yard (0.9.28-2+deb12u1) bookworm-security; urgency=high + + * Add upstream patch to fix XSS vulnerability in frames.html + [CVE-2024-27285] + + -- Antonio Terceiro Wed, 28 Feb 2024 18:23:28 -0300 + yard (0.9.28-2) unstable; urgency=medium * Relax version dependency on webrick gem diff -Nru yard-0.9.28/debian/patches/CVE-2024-27285.patch yard-0.9.28/debian/patches/CVE-2024-27285.patch --- yard-0.9.28/debian/patches/CVE-2024-27285.patch 1970-01-01 00:00:00.000000000 +0000 +++ yard-0.9.28/debian/patches/CVE-2024-27285.patch 2024-02-28 21:23:28.000000000 +0000 @@ -0,0 +1,27 @@ +From d78fc393d603c4fc35975969296ed381146a29d4 Mon Sep 17 00:00:00 2001 +From: Aviv Keller <38299977+RedYetiDev@users.noreply.github.com> +Date: Wed, 28 Feb 2024 12:57:39 -0500 +Subject: [PATCH] Update frames.erb + +--- + templates/default/fulldoc/html/frames.erb | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/templates/default/fulldoc/html/frames.erb b/templates/default/fulldoc/html/frames.erb +index e803bcd6c..994aee97e 100644 +--- a/templates/default/fulldoc/html/frames.erb ++++ b/templates/default/fulldoc/html/frames.erb +@@ -5,10 +5,10 @@ + <%= options.title %> + + +