[DRE-maint] Bug#699226: rails: CVE-2013-0333: Vulnerability in JSON Parser in Ruby on Rails 3.0 and 2.3
Antonio Terceiro
terceiro at debian.org
Tue Jan 29 14:39:35 UTC 2013
Control: clone 699226 -1
Control: reassign -1 ruby-activesupport-2.3
On Tue, Jan 29, 2013 at 11:04:00AM +0100, Salvatore Bonaccorso wrote:
> The following advisory was made for rails:
>
> [1] http://weblog.rubyonrails.org/
> [2]: https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/1h2DR63ViGo
>
> Disclaimer: I have not checked which versions in Debian might be
> affected. Can you check and adjust the affected versions?
stable is affected (package rails), a security upload was already made.
testing/unstable is also affected (package ruby-activesupport-2.3), so I
am cloning this bug to that package as well.
Thanks,
--
Antonio Terceiro <terceiro at debian.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-ruby-extras-maintainers/attachments/20130129/2deaae75/attachment.pgp>
More information about the Pkg-ruby-extras-maintainers
mailing list