[DRE-maint] [Bug 1098357] Re: update libextlib-ruby/ruby-extlib packages for CVE-2013-0156

Marc Deslauriers marc.deslauriers at canonical.com
Fri Jan 11 17:46:02 UTC 2013


Thanks for taking the time to report this bug and helping to make Ubuntu
better. Since the package referred to in this bug is in universe or
multiverse, it is community maintained. If you are able, I suggest
coordinating with upstream and posting a debdiff for this issue. When a
debdiff is available, members of the security team will review it and
publish the package. See the following link for more information:
https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures

** Also affects: libextlib-ruby (Ubuntu Lucid)
   Importance: Undecided
       Status: New

** Also affects: libextlib-ruby (Ubuntu Oneiric)
   Importance: Undecided
       Status: New

** Also affects: libextlib-ruby (Ubuntu Precise)
   Importance: Undecided
       Status: New

** Tags removed: cve exploit merb rails ruby security

** Changed in: libextlib-ruby (Ubuntu Lucid)
       Status: New => Confirmed

** Changed in: libextlib-ruby (Ubuntu Oneiric)
       Status: New => Confirmed

** Changed in: libextlib-ruby (Ubuntu Precise)
       Status: New => Confirmed

** Changed in: libextlib-ruby (Ubuntu)
       Status: New => Incomplete

** Changed in: libextlib-ruby (Ubuntu Lucid)
       Status: Confirmed => Incomplete

** Changed in: libextlib-ruby (Ubuntu Oneiric)
       Status: Confirmed => Incomplete

** Changed in: libextlib-ruby (Ubuntu Precise)
       Status: Confirmed => Incomplete

** Changed in: libextlib-ruby (Debian)
       Status: New => Incomplete

-- 
You received this bug notification because you are subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1098357

Title:
  update libextlib-ruby/ruby-extlib packages for CVE-2013-0156

Status in “libextlib-ruby” package in Ubuntu:
  Incomplete
Status in “libextlib-ruby” source package in Lucid:
  Incomplete
Status in “libextlib-ruby” source package in Oneiric:
  Incomplete
Status in “libextlib-ruby” source package in Precise:
  Incomplete
Status in “libextlib-ruby” package in Debian:
  Incomplete

Bug description:
  Dan Kubb, maintainer of the extlib RubyGem, recently updated it to
  resolve security issues reported in CVE-2013-0156.

  The patches are available from the extlib Git repository on GitHub
  to remove symbol and YAML coercion, respectively:

  https://github.com/datamapper/extlib/commit/4540e7102b803624cc2eade4bb8aaaa934fc31c5
  https://github.com/datamapper/extlib/commit/633974b2759d9b924657f3888473d5fd681538dd

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libextlib-ruby/+bug/1098357/+subscriptions




