update libextlib-ruby/ruby-extlib packages for CVE-2013-0156
Bug #1098357 reported by Joshua Timberman
This bug affects 6 people
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
libextlib-ruby (Debian) | Fix Released | Unknown | | |
libextlib-ruby (Ubuntu) | Invalid | Undecided | Unassigned | |
libextlib-ruby (Ubuntu Hardy) | Invalid | Undecided | Unassigned | |
libextlib-ruby (Ubuntu Lucid) | Won't Fix | Undecided | Unassigned | |
libextlib-ruby (Ubuntu Oneiric) | Won't Fix | Undecided | Unassigned | |
libextlib-ruby (Ubuntu Precise) | Fix Released | Undecided | Unassigned | |
libextlib-ruby (Ubuntu Quantal) | Invalid | Undecided | Unassigned | |
libextlib-ruby (Ubuntu Raring) | Invalid | Undecided | Unassigned | |
rails (Ubuntu) | Invalid | Undecided | Unassigned | |
rails (Ubuntu Hardy) | Won't Fix | Undecided | Unassigned | |
rails (Ubuntu Lucid) | Won't Fix | Undecided | Unassigned | |
rails (Ubuntu Oneiric) | Invalid | Undecided | Unassigned | |
rails (Ubuntu Precise) | Invalid | Undecided | Unassigned | |
rails (Ubuntu Quantal) | Invalid | Undecided | Unassigned | |
rails (Ubuntu Raring) | Invalid | Undecided | Unassigned | |
ruby-activesupport-2.3 (Ubuntu) | Fix Released | Undecided | Unassigned | |
ruby-activesupport-2.3 (Ubuntu Hardy) | Invalid | Undecided | Unassigned | |
ruby-activesupport-2.3 (Ubuntu Lucid) | Invalid | Undecided | Unassigned | |
ruby-activesupport-2.3 (Ubuntu Oneiric) | Fix Released | Undecided | Marc Deslauriers | |
ruby-activesupport-2.3 (Ubuntu Precise) | Fix Released | Undecided | Marc Deslauriers | |
ruby-activesupport-2.3 (Ubuntu Quantal) | Fix Released | Undecided | Marc Deslauriers | |
ruby-activesupport-2.3 (Ubuntu Raring) | Fix Released | Undecided | Unassigned | |
ruby-activesupport-3.2 (Ubuntu) | Fix Released | Undecided | Unassigned | |
ruby-activesupport-3.2 (Ubuntu Hardy) | Invalid | Undecided | Unassigned | |
ruby-activesupport-3.2 (Ubuntu Lucid) | Invalid | Undecided | Unassigned | |
ruby-activesupport-3.2 (Ubuntu Oneiric) | Invalid | Undecided | Unassigned | |
ruby-activesupport-3.2 (Ubuntu Precise) | Invalid | Undecided | Unassigned | |
ruby-activesupport-3.2 (Ubuntu Quantal) | Fix Released | Undecided | Marc Deslauriers | |
ruby-activesupport-3.2 (Ubuntu Raring) | Fix Released | Undecided | Unassigned | |
ruby-extlib (Ubuntu) | Fix Released | Undecided | Unassigned | |
ruby-extlib (Ubuntu Hardy) | Invalid | Undecided | Unassigned | |
ruby-extlib (Ubuntu Lucid) | Invalid | Undecided | Unassigned | |
ruby-extlib (Ubuntu Oneiric) | Invalid | Undecided | Unassigned | |
ruby-extlib (Ubuntu Precise) | Invalid | Undecided | Unassigned | |
ruby-extlib (Ubuntu Quantal) | Fix Released | Undecided | Marc Deslauriers | |
ruby-extlib (Ubuntu Raring) | Fix Released | Undecided | Unassigned | |

Bug Description
Dan Kubb, maintainer of the extlib RubyGem, recently updated it to resolve security issues reported in CVE-2013-0156.
The patches are available from the extlib Git repository on GitHub to remove symbol and YAML coercion, respectively:
https:/
https:/
affects: merb (Ubuntu) → libextlib-ruby (Ubuntu)
information type: Private Security → Public Security
Changed in libextlib-ruby (Debian):
status: Unknown → New
Changed in libextlib-ruby (Debian):
status: Incomplete → Fix Released
Changed in rails (Ubuntu Lucid):
importance: Undecided → High
Changed in rails (Ubuntu Hardy):
importance: Undecided → High
Changed in ruby-activesupport-3.2 (Ubuntu Lucid):
status: New → Invalid
Changed in ruby-activesupport-3.2 (Ubuntu Hardy):
status: New → Invalid
Changed in ruby-activesupport-2.3 (Ubuntu Lucid):
status: New → Invalid
Changed in ruby-activesupport-2.3 (Ubuntu Hardy):
status: New → Invalid
Changed in libextlib-ruby (Ubuntu Quantal):
status: New → Invalid
Changed in libextlib-ruby (Ubuntu Hardy):
status: New → Invalid
Changed in libextlib-ruby (Ubuntu Raring):
status: Incomplete → Invalid
Changed in ruby-activesupport-2.3 (Ubuntu Oneiric):
assignee: nobody → Marc Deslauriers (mdeslaur)
status: Triaged → Fix Committed
Changed in ruby-activesupport-2.3 (Ubuntu Precise):
assignee: nobody → Marc Deslauriers (mdeslaur)
status: Triaged → Fix Committed
Changed in ruby-activesupport-2.3 (Ubuntu Quantal):
assignee: nobody → Marc Deslauriers (mdeslaur)
status: Triaged → Fix Committed
Changed in ruby-activesupport-3.2 (Ubuntu Oneiric):
status: Triaged → Invalid
Changed in ruby-activesupport-3.2 (Ubuntu Precise):
status: Triaged → Invalid
Changed in ruby-activesupport-3.2 (Ubuntu Quantal):
assignee: nobody → Marc Deslauriers (mdeslaur)
status: Triaged → Fix Committed
Changed in ruby-extlib (Ubuntu Quantal):
assignee: nobody → Marc Deslauriers (mdeslaur)
status: Triaged → Fix Committed
Do you happen to know which version(s) of the library are impacted by this CVE?