Upgrade to 2.3.15 for "extremely critical security fixes" (CVE-2013-0155) and (CVE-2013-0156)
Bug #1100590 reported by
eviljoel
This bug report is a duplicate of:
Bug #1098357: update libextlib-ruby/ruby-extlib packages for CVE-2013-0156.
Edit
Remove
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| ruby-activesupport-2.3 (Ubuntu) |
In Progress
|
Undecided
|
Micah Gersten | ||
Bug Description
This critical security patch has been out for a little over a week but there has been no corresponding update to Ubuntu's packages. I suspect it might have been missed. Here is an excerpt from the Rails blog:
"I'd like to announce that 3.2.11, 3.1.10, 3.0.19, and 2.3.15 have been released. These releases contain two extremely critical security fixes so please update IMMEDIATELY.
"You can read about the security fixes by following these links:
" CVE-2013-0155 [https:/
" CVE-2013-0156 [https:/
Hopefully this is the right place to report this.
| information type: | Private Security → Public Security |
Revision history for this message
| Micah Gersten (micahg) wrote | #1 |
| Changed in ruby-rails-2.3 (Ubuntu): | |
| assignee: | nobody → Micah Gersten (micahg) |
| status: | New → In Progress |
Revision history for this message
| Seth Arnold (seth-arnold) wrote | #2 |
| affects: | ruby-rails-2.3 (Ubuntu) → ruby-activesupport-2.3 (Ubuntu) |
To post a comment you must log in.
CVE-2013-0155 doesn't apply to 2.x, I'll prepare debdiffs for CVE-2013-0156