notfound 697722 2:2.3.14.2
found 697722 2.3.5-1.2+squeeze4
clone 697722 -1 -2
reassign -1 ruby-actionpack-2.3
reassign -2 ruby-actionpack-3.2
thanks

On Tue, Jan 08, 2013 at 11:42:46PM +0200, Henri Salo wrote:
> Package: rails
> Version: 2:2.3.14.2
> Severity: grave
> Tags: security
>
> http://www.openwall.com/lists/oss-security/2013/01/08/14
> https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ/discussion
>
> """
> Multiple vulnerabilities in parameter parsing in Action Pack
>
> There are multiple weaknesses in the parameter parsing code for Ruby on Rails
> which allows attackers to bypass authentication systems, inject arbitrary
> SQL, inject and execute arbitrary code, or perform a DoS attack on a Rails
> application. This vulnerability has been assigned the CVE identifier
> CVE-2013-0156.
>
> Versions Affected: ALL versions
> Not affected: NONE
> Fixed Versions: 3.2.11, 3.1.10, 3.0.19, 2.3.15
> <snip>
> """
>
> This probably affects squeeze and wheezy too. Please contact me in case you
> need any help!

Yes, this affects both squeeze and wheezy, but on different packages. A fix for wheezy is under way, and wheezy will follow.

-- 
Antonio Terceiro <terce...@debian.org>