Your message dated Wed, 09 Jan 2013 20:52:49 +0000
with message-id <[email protected]>
and subject line Bug#697789: fixed in ruby-activesupport-2.3 2.3.14-5
has caused the Debian Bug report #697789,
regarding rails: CVE-2013-0156: Multiple vulnerabilities in parameter parsing
in Action Pack
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
697789: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697789
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: rails
Version: 2:2.3.14.2
Severity: grave
Tags: security
http://www.openwall.com/lists/oss-security/2013/01/08/14
https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ/discussion
"""
Multiple vulnerabilities in parameter parsing in Action Pack
There are multiple weaknesses in the parameter parsing code for Ruby on Rails
which allows attackers to bypass authentication systems, inject arbitrary SQL,
inject and execute arbitrary code, or perform a DoS attack on a Rails
application. This vulnerability has been assigned the CVE identifier
CVE-2013-0156.
Versions Affected: ALL versions
Not affected: NONE
Fixed Versions: 3.2.11, 3.1.10, 3.0.19, 2.3.15
<snip>
"""
This probably affects squeeze and wheezy too. Please contact me in case you
need any help!
- Henri Salo
--- End Message ---
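Editor's note, added between the two messages: the advisory quoted above has its technical details snipped. The public root cause of CVE-2013-0156 was that the XML parameter parser let the request name the Ruby type each value was coerced to, and the accepted names included `yaml` and `symbol`, so attacker-supplied text reached an unrestricted YAML loader and was turned into live Ruby objects. The script below reconstructs that design in miniature and puts the hardened version beside it. It is an illustrative example written for this page, not code from Rails, ActiveSupport or the Debian package: the element syntax, the `VULNERABLE_CONVERSIONS`/`SAFE_CONVERSIONS` maps, the `AuditEntry` class and the request body are all constructed for the demonstration.

```ruby
require 'yaml'

# Illustrative class: with an unrestricted YAML loader, any class already
# loaded in the process can be instantiated from request data.
class AuditEntry
  attr_accessor :action
end

# Rails 2.3-era parsers used an unrestricted YAML.load. Ruby 3.1+ makes
# YAML.load restricted, so fall back to unsafe_load where it exists.
def unrestricted_yaml_load(text)
  YAML.respond_to?(:unsafe_load) ? YAML.unsafe_load(text) : YAML.load(text)
end

# Type-name to coercion map as the vulnerable design had it (constructed
# here): the request picks the type, and 'symbol' and 'yaml' are accepted.
VULNERABLE_CONVERSIONS = {
  'string'  => ->(v) { v },
  'integer' => ->(v) { Integer(v, 10) },
  'boolean' => ->(v) { %w[true 1].include?(v.strip) },
  'symbol'  => ->(v) { v.to_sym },
  'yaml'    => ->(v) { unrestricted_yaml_load(v) }
}.freeze

# Hardened map: only plain scalar coercions remain; anything else is refused.
SAFE_CONVERSIONS = {
  'string'  => ->(v) { v },
  'integer' => ->(v) { Integer(v, 10) },
  'boolean' => ->(v) { %w[true 1].include?(v.strip) }
}.freeze

# Simplified <name type="...">value</name> syntax, constructed for the example
# (real requests went through a full XML parser).
ELEMENT = %r{<(\w+)(?:\s+type="([^"]*)")?>(.*?)</\1>}m

# Converts each element's text with the coercion its type attribute names.
# strict: true refuses unknown types instead of silently treating them as strings.
def parse_params(body, conversions, strict:)
  body.scan(ELEMENT).each_with_object({}) do |(name, type, value), params|
    conv = conversions[type || 'string']
    if conv.nil?
      raise ArgumentError, "unsupported type #{type.inspect}" if strict
      conv = conversions['string']
    end
    params[name] = conv.call(value)
  end
end

# Constructed request body: one legitimate field, two attacker-chosen type tags.
CONSTRUCTED_BODY = [
  '<id type="integer">42</id>',
  '<role type="symbol">admin</role>',
  "<token type=\"yaml\">--- !ruby/object:AuditEntry\naction: drop_everything\n</token>"
].join("\n")

def vulnerable_parse(body = CONSTRUCTED_BODY)
  parse_params(body, VULNERABLE_CONVERSIONS, strict: false)
end

def hardened_parse(body = CONSTRUCTED_BODY)
  parse_params(body, SAFE_CONVERSIONS, strict: true)
rescue ArgumentError => e
  { error: e.message }
end

# Even where YAML must be accepted, a restricted loader refuses object tags.
def safe_yaml_rejects?(text)
  YAML.safe_load(text)
  false
rescue Psych::DisallowedClass
  true
end

if __FILE__ == $PROGRAM_NAME
  vulnerable_parse.each { |k, v| puts "vulnerable #{k}: #{v.inspect} (#{v.class})" }
  puts "hardened: #{hardened_parse.inspect}"
  payload = "--- !ruby/object:AuditEntry\naction: x\n"
  puts "safe_load rejects object tag: #{safe_yaml_rejects?(payload)}"
end
```

Running it shows the vulnerable map handing back an `AuditEntry` instance and a Symbol that the application never asked for, while the hardened map stops at the first unsupported type attribute. Dropping the `yaml` and `symbol` coercions is the same shape of fix the Rails releases listed above applied; restricting the YAML loader is the second, independent layer.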
--- Begin Message ---
Source: ruby-activesupport-2.3
Source-Version: 2.3.14-5
We believe that the bug you reported is fixed in the latest version of
ruby-activesupport-2.3, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Antonio Terceiro <[email protected]> (supplier of updated
ruby-activesupport-2.3 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 09 Jan 2013 16:34:24 -0300
Source: ruby-activesupport-2.3
Binary: ruby-activesupport-2.3
Architecture: source all
Version: 2.3.14-5
Distribution: unstable
Urgency: high
Maintainer: Debian Ruby Extras Maintainers <[email protected]>
Changed-By: Antonio Terceiro <[email protected]>
Description:
ruby-activesupport-2.3 - Support and utility classes used by the Rails 2.3
framework
Closes: 697789
Changes:
ruby-activesupport-2.3 (2.3.14-5) unstable; urgency=high
.
* Team upload.
* Add fix for vulnerabilities in parameter parsing [CVE-2013-0156].
Closes: #697789
Checksums-Sha1:
2164da18927a299558dd5320cecdf8c54c6b8656 1578 ruby-activesupport-2.3_2.3.14-5.dsc
d5369111f7a8d1b2d1f1d5615dbde889d7c27255 144577 ruby-activesupport-2.3_2.3.14-5.debian.tar.gz
dd718aa3c22f0c398fc0e16fe39f9f22462bdc5f 301524 ruby-activesupport-2.3_2.3.14-5_all.deb
Checksums-Sha256:
5eb4be1e72c6c102776155e64e74e6c446e0a58797e456485d61187fe80d02c6 1578 ruby-activesupport-2.3_2.3.14-5.dsc
340d987a1fdb06e8f478d6dc661fe1de79d6a2118d3b004b3884c92a0d6854f7 144577 ruby-activesupport-2.3_2.3.14-5.debian.tar.gz
4f2ba7db0103ad7d84c50ec9a2ced5f306a33edc2f29cbb0d69ec232cb96ec13 301524 ruby-activesupport-2.3_2.3.14-5_all.deb
Files:
82138e77d49ea7a067ea139f77336b88 1578 ruby optional ruby-activesupport-2.3_2.3.14-5.dsc
54fb9a5abade0aa5e8c714f6013e4514 144577 ruby optional ruby-activesupport-2.3_2.3.14-5.debian.tar.gz
4f92b996a27ceca681225cdad450a7b2 301524 ruby optional ruby-activesupport-2.3_2.3.14-5_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAlDtykgACgkQDOM8kQ+cso+FBgCeN9oSCPSIfxguTVbk2t1Zxp9M
T90AnjntQzQX2k2dNPSiNzyhBhTzvDbW
=N4Sm
-----END PGP SIGNATURE-----
--- End Message ---