Upgrade to 2.3.15 for "extremely critical security fixes" (CVE-2013-0155) and (CVE-2013-0156)
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
ruby-activesupport-2.3 (Ubuntu) | In Progress | Undecided | Micah Gersten |
Bug Description
This critical security patch has been out for a little over a week but there has been no corresponding update to Ubuntu's packages. I suspect it might have been missed. Here is an excerpt from the Rails blog:
"I'd like to announce that 3.2.11, 3.1.10, 3.0.19, and 2.3.15 have been released. These releases contain two extremely critical security fixes so please update IMMEDIATELY.
"You can read about the security fixes by following these links:
" CVE-2013-0155 [https:/
" CVE-2013-0156 [https:/
Hopefully this is the right place to report this.
information type: | Private Security → Public Security |
affects: | ruby-rails-2.3 (Ubuntu) → ruby-activesupport-2.3 (Ubuntu) |
CVE-2013-0155 doesn't apply to 2.x; I'll prepare debdiffs for CVE-2013-0156.