[DRE-maint] Bug#684454: ruby-actionpack-3.2: CVE-2012-3463 / CVE-2012-3464 / CVE-2012-3465
Antonio Terceiro
terceiro at debian.org
Fri Aug 10 16:19:33 UTC 2012
clone 684454 -1
reassign -1 ruby-activesupport-3.2
retitle -1 ruby-activesupport-3.2: CVE-2012-3464
thanks
Moritz Muehlenhoff escreveu isso aí:
> Package: ruby-actionpack-3.2
> Severity: grave
> Tags: security
> Justification: user security hole
>
> Please see
>
> CVE-2012-3465
> http://www.openwall.com/lists/oss-security/2012/08/09/9
>
>
> CVE-2012-3464
> http://www.openwall.com/lists/oss-security/2012/08/09/10
>
>
> CVE-2012-3463
> http://www.openwall.com/lists/oss-security/2012/08/09/8
>
> Since Wheezy is frozen, please use the isolated patches instead of updating to
> 3.2.8
the patch for CVE-2012-3464 has to be split between ruby-actionpack-3.2
and ruby-activesupport-3.2.
I am working on this, expect uploads RSN.
--
Antonio Terceiro <terceiro at debian.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-ruby-extras-maintainers/attachments/20120810/364fef95/attachment.pgp>
More information about the Pkg-ruby-extras-maintainers
mailing list