This should now be triaged for our packages based on Debian's https ://security-tracker.debian.org/tracker/CVE-2013-0155. As Marc said, since the packages referred to in this bug is in universe or multiverse, it is community maintained. When a debdiffs are available, members of the security team will review them and publish the packages. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures.
Since I added so many tasks, I went ahead and assigned Christian to ruby-activerecord-3.2 on Quantal since that is what the supplied debdiff was for. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1100188 Title: Unsafe Query Generation Risk in Ruby on Rails To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/rails/+bug/1100188/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs