[DRE-maint] Bug#697895: Update libextlib-ruby / ruby-extlib for vulnerabilities (Re: CVE-2013-0156)
Joshua Timberman
joshua at opscode.com
Fri Jan 11 00:06:54 UTC 2013
Package: libextlib-ruby
Version: 0.9.13-2
Severity: grave
Tags: security
Dan Kubb, upstream maintainer of the extlib RubyGem, recently updated it to
resolve security issues reported in CVE-2013-0156.
The patches are available from the extlib Git repository on GitHub to
remove symbol and yaml coercion, respectively:
https://github.com/datamapper/extlib/commit/4540e7102b803624cc2eade4bb8aaaa934fc31c5
https://github.com/datamapper/extlib/commit/633974b2759d9b924657f3888473d5fd681538dd