[DRE-maint] [Bug 1098357] Re: update libextlib-ruby/ruby-extlib packages for CVE-2013-0156
Joshua Timberman
1098357 at bugs.launchpad.net
Fri Jan 11 01:45:40 UTC 2013
** Package changed: merb (Ubuntu) => libextlib-ruby (Ubuntu)
** Bug watch added: Debian Bug tracker #697895
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697895
** Also affects: libextlib-ruby (Debian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697895
Importance: Unknown
Status: Unknown
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1098357
Title:
update libextlib-ruby/ruby-extlib packages for CVE-2013-0156
Status in “libextlib-ruby” package in Ubuntu:
New
Status in “libextlib-ruby” package in Debian:
Unknown
Bug description:
Dan Kubb, maintainer of the extlib RubyGem, recently updated it to
resolve security issues reported in CVE-2013-0156.
The patches are available from the extlib Git repository on GitHub
to remove symbol and yaml coercion, respectively:
https://github.com/datamapper/extlib/commit/4540e7102b803624cc2eade4bb8aaaa934fc31c5
https://github.com/datamapper/extlib/commit/633974b2759d9b924657f3888473d5fd681538dd
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libextlib-ruby/+bug/1098357/+subscriptions