[DRE-maint] [Bug 1098357] Re: update libextlib-ruby/ruby-extlib packages for CVE-2013-0156

Marc Deslauriers marc.deslauriers at canonical.com
Fri Jan 18 14:06:23 UTC 2013 

** Changed in: ruby-extlib (Ubuntu Quantal)
       Status: Triaged => Fix Committed

** Changed in: ruby-extlib (Ubuntu Quantal)
     Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

-- 
You received this bug notification because you are subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1098357

Title:
  update libextlib-ruby/ruby-extlib packages for CVE-2013-0156

Status in “libextlib-ruby” package in Ubuntu:
  Invalid
Status in “rails” package in Ubuntu:
  Invalid
Status in “ruby-activesupport-2.3” package in Ubuntu:
  Fix Released
Status in “ruby-activesupport-3.2” package in Ubuntu:
  Fix Released
Status in “ruby-extlib” package in Ubuntu:
  Fix Released
Status in “libextlib-ruby” source package in Lucid:
  Triaged
Status in “rails” source package in Lucid:
  Triaged
Status in “ruby-activesupport-2.3” source package in Lucid:
  Invalid
Status in “ruby-activesupport-3.2” source package in Lucid:
  Invalid
Status in “ruby-extlib” source package in Lucid:
  Invalid
Status in “libextlib-ruby” source package in Oneiric:
  Triaged
Status in “rails” source package in Oneiric:
  Invalid
Status in “ruby-activesupport-2.3” source package in Oneiric:
  Fix Committed
Status in “ruby-activesupport-3.2” source package in Oneiric:
  Invalid
Status in “ruby-extlib” source package in Oneiric:
  Invalid
Status in “libextlib-ruby” source package in Precise:
  Triaged
Status in “rails” source package in Precise:
  Invalid
Status in “ruby-activesupport-2.3” source package in Precise:
  Fix Committed
Status in “ruby-activesupport-3.2” source package in Precise:
  Invalid
Status in “ruby-extlib” source package in Precise:
  Invalid
Status in “libextlib-ruby” source package in Quantal:
  Invalid
Status in “rails” source package in Quantal:
  Invalid
Status in “ruby-activesupport-2.3” source package in Quantal:
  Fix Committed
Status in “ruby-activesupport-3.2” source package in Quantal:
  Fix Committed
Status in “ruby-extlib” source package in Quantal:
  Fix Committed
Status in “libextlib-ruby” source package in Raring:
  Invalid
Status in “rails” source package in Raring:
  Invalid
Status in “ruby-activesupport-2.3” source package in Raring:
  Fix Released
Status in “ruby-activesupport-3.2” source package in Raring:
  Fix Released
Status in “ruby-extlib” source package in Raring:
  Fix Released
Status in “libextlib-ruby” source package in Hardy:
  Invalid
Status in “rails” source package in Hardy:
  Triaged
Status in “ruby-activesupport-2.3” source package in Hardy:
  Invalid
Status in “ruby-activesupport-3.2” source package in Hardy:
  Invalid
Status in “ruby-extlib” source package in Hardy:
  Invalid
Status in “libextlib-ruby” package in Debian:
  Fix Released

Bug description:
  Dan Kubb, maintainer of the extlib RubyGem recently updated it to
  resolve security issues reported in CVE-2013-0156.

  The patches are are available from the extlib Git repository on GitHub
  to remove symbol and yaml coercion, respectively:

  https://github.com/datamapper/extlib/commit/4540e7102b803624cc2eade4bb8aaaa934fc31c5
  https://github.com/datamapper/extlib/commit/633974b2759d9b924657f3888473d5fd681538dd

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libextlib-ruby/+bug/1098357/+subscriptions

More information about the Pkg-ruby-extras-maintainers mailing list