*** This bug is a security vulnerability *** You have been subscribed to a public security bug by Marc Deslauriers (mdeslaur):
The version of Rack available in Precise is version 1.3.5. It is vulnerable to the parameter hash vulnerability, CVE-2011-5036. This problem has been fixed upstream in version 1.3.6. [1] The version of Rack in Quantal is 1.4.1. Could you please backport it or create a new package for version 1.3.6? [1] https://groups.google.com/d/topic/rack-devel/Gk74wz5GH_4/discussion ** Affects: ruby-rack (Ubuntu) Importance: Undecided Status: Incomplete -- Backport Rack 1.3.6 or 1.4.x to fix CVE-2011-5036 (parameter hash vulnerability) https://bugs.launchpad.net/bugs/1042696 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
