{"affected":[{"ecosystem_specific":{"binaries":[{"ruby2.1-rubygem-bson-1_11":"1.11.1-9.1","ruby2.1-rubygem-easy_diff":"0.0.5-9.1","ruby2.1-rubygem-redcarpet":"3.2.3-9.1","ruby2.1-rubygem-sprockets-2_11":"2.11.3-11.1"}]},"package":{"ecosystem":"SUSE:OpenStack Cloud 5","name":"rubygem-bson-1_11","purl":"pkg:rpm/suse/rubygem-bson-1_11&distro=SUSE%20OpenStack%20Cloud%205"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.11.1-9.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"ruby2.1-rubygem-bson-1_11":"1.11.1-9.1","ruby2.1-rubygem-easy_diff":"0.0.5-9.1","ruby2.1-rubygem-redcarpet":"3.2.3-9.1","ruby2.1-rubygem-sprockets-2_11":"2.11.3-11.1"}]},"package":{"ecosystem":"SUSE:OpenStack Cloud 5","name":"rubygem-easy_diff","purl":"pkg:rpm/suse/rubygem-easy_diff&distro=SUSE%20OpenStack%20Cloud%205"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.0.5-9.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"ruby2.1-rubygem-bson-1_11":"1.11.1-9.1","ruby2.1-rubygem-easy_diff":"0.0.5-9.1","ruby2.1-rubygem-redcarpet":"3.2.3-9.1","ruby2.1-rubygem-sprockets-2_11":"2.11.3-11.1"}]},"package":{"ecosystem":"SUSE:OpenStack Cloud 5","name":"rubygem-redcarpet","purl":"pkg:rpm/suse/rubygem-redcarpet&distro=SUSE%20OpenStack%20Cloud%205"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.2.3-9.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"ruby2.1-rubygem-bson-1_11":"1.11.1-9.1","ruby2.1-rubygem-easy_diff":"0.0.5-9.1","ruby2.1-rubygem-redcarpet":"3.2.3-9.1","ruby2.1-rubygem-sprockets-2_11":"2.11.3-11.1"}]},"package":{"ecosystem":"SUSE:OpenStack Cloud 5","name":"rubygem-sprockets-2_11","purl":"pkg:rpm/suse/rubygem-sprockets-2_11&distro=SUSE%20OpenStack%20Cloud%205"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.11.3-11.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"\nThis update for rubygem-bson-1_11, rubygem-easy_diff, rubygem-redcarpet, and rubygem-sprockets-2_11 fixes the following issues: \n\n- Avoid monodb data injection (bnc#933961, CVE-2015-4410)\n- Fixes merging of Arrays of Hashes (bsc#982364)\n- Fix XSS via autolinking of untrusted markdown (bsc#926328)\n\n","id":"SUSE-SU-2016:2019-1","modified":"2016-08-09T18:27:03Z","published":"2016-08-09T18:27:03Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2016/suse-su-20162019-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/926328"},{"type":"REPORT","url":"https://bugzilla.suse.com/933961"},{"type":"REPORT","url":"https://bugzilla.suse.com/982364"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-4410"}],"related":["CVE-2015-4410"],"summary":"Security update for rubygem-bson-1_11, rubygem-easy_diff, rubygem-redcarpet, and rubygem-sprockets-2_11","upstream":["CVE-2015-4410"]}