several vulnerabilities in rails
Bug #870846 reported by Felix Geyer
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
rails (Ubuntu) | Invalid | Undecided | Unassigned |
Lucid | Fix Released | Undecided | Unassigned |
Maverick | Fix Released | Undecided | Unassigned |
Natty | Fix Released | Undecided | Unassigned |
Oneiric | Invalid | Undecided | Unassigned |
Bug Description
There are a bunch of Rails vulnerabilities that haven't been fixed in Ubuntu.
First some CVE tracker triaging:
CVE-2009-4214: already fixed in lucid (2.2.3-2), can be marked as not-affected.
CVE-2011-0446, CVE-2011-0447, CVE-2011-2932: don't affect oneiric (fixed upstream)
CVE-2011-2932: doesn't seem to affect lucid-natty as activesupport/
CVE-2011-2197: doesn't affect Ubuntu, see http://
CVE-2011-2929, CVE-2011-3187: seem to only affect 3.x which isn't in Ubuntu
visibility: private → public
Changed in rails (Ubuntu Oneiric):
status: New → Invalid
Attaching a debdiff for lucid.
(package without a patch system and multiple fixes, yay!)