[DRE-maint] [Bug 1098357] Re: update libextlib-ruby/ruby-extlib packages for CVE-2013-0156

Launchpad Bug Tracker 1098357 at bugs.launchpad.net
Fri Jan 18 14:57:14 UTC 2013


This bug was fixed in the package ruby-activesupport-3.2 -
3.2.6-4ubuntu0.1

---------------
ruby-activesupport-3.2 (3.2.6-4ubuntu0.1) quantal-security; urgency=low

  * SECURITY UPDATE: vulnerabilities in parameter parsing (LP: #1098357)
    - debian/patches/CVE-2013-0156.patch: added patch from Debian 3.2.6-5
    - CVE-2013-0156
 -- Marc Deslauriers <marc.deslauriers at ubuntu.com>   Fri, 18 Jan 2013 08:43:58 -0500

** Changed in: ruby-extlib (Ubuntu Quantal)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1098357

Title:
  update libextlib-ruby/ruby-extlib packages for CVE-2013-0156

Status in “libextlib-ruby” package in Ubuntu:
  Invalid
Status in “rails” package in Ubuntu:
  Invalid
Status in “ruby-activesupport-2.3” package in Ubuntu:
  Fix Released
Status in “ruby-activesupport-3.2” package in Ubuntu:
  Fix Released
Status in “ruby-extlib” package in Ubuntu:
  Fix Released
Status in “libextlib-ruby” source package in Lucid:
  Triaged
Status in “rails” source package in Lucid:
  Triaged
Status in “ruby-activesupport-2.3” source package in Lucid:
  Invalid
Status in “ruby-activesupport-3.2” source package in Lucid:
  Invalid
Status in “ruby-extlib” source package in Lucid:
  Invalid
Status in “libextlib-ruby” source package in Oneiric:
  Triaged
Status in “rails” source package in Oneiric:
  Invalid
Status in “ruby-activesupport-2.3” source package in Oneiric:
  Fix Released
Status in “ruby-activesupport-3.2” source package in Oneiric:
  Invalid
Status in “ruby-extlib” source package in Oneiric:
  Invalid
Status in “libextlib-ruby” source package in Precise:
  Triaged
Status in “rails” source package in Precise:
  Invalid
Status in “ruby-activesupport-2.3” source package in Precise:
  Fix Released
Status in “ruby-activesupport-3.2” source package in Precise:
  Invalid
Status in “ruby-extlib” source package in Precise:
  Invalid
Status in “libextlib-ruby” source package in Quantal:
  Invalid
Status in “rails” source package in Quantal:
  Invalid
Status in “ruby-activesupport-2.3” source package in Quantal:
  Fix Released
Status in “ruby-activesupport-3.2” source package in Quantal:
  Fix Released
Status in “ruby-extlib” source package in Quantal:
  Fix Released
Status in “libextlib-ruby” source package in Raring:
  Invalid
Status in “rails” source package in Raring:
  Invalid
Status in “ruby-activesupport-2.3” source package in Raring:
  Fix Released
Status in “ruby-activesupport-3.2” source package in Raring:
  Fix Released
Status in “ruby-extlib” source package in Raring:
  Fix Released
Status in “libextlib-ruby” source package in Hardy:
  Invalid
Status in “rails” source package in Hardy:
  Triaged
Status in “ruby-activesupport-2.3” source package in Hardy:
  Invalid
Status in “ruby-activesupport-3.2” source package in Hardy:
  Invalid
Status in “ruby-extlib” source package in Hardy:
  Invalid
Status in “libextlib-ruby” package in Debian:
  Fix Released

Bug description:
  Dan Kubb, maintainer of the extlib RubyGem, recently updated it to
  resolve security issues reported in CVE-2013-0156.

  The patches are available from the extlib Git repository on GitHub
  to remove symbol and yaml coercion, respectively:

  https://github.com/datamapper/extlib/commit/4540e7102b803624cc2eade4bb8aaaa934fc31c5
  https://github.com/datamapper/extlib/commit/633974b2759d9b924657f3888473d5fd681538dd
