Package: bundler
Version: 1.1.4-6
Severity: important
Tags: security upstream patch fixed-upstream

Hi there,
    the following vulnerability was published for bundler:

CVE-2013-0334: Ruby dependency manager Bundler may install gems from a 
different 
source than expected

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

http://www.openwall.com/lists/oss-security/2014/09/24/9
http://bundler.io/blog/2014/08/14/bundler-may-install-gems-from-a-different-source-than-expected-cve-2013-0334.html

Please adjust the affected versions in the BTS as needed.

Regards, luciano        


-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to