Source: ruby-rack
Severity: grave
Tags: security

Hi,

the following vulnerabilities were published for ruby-rack.

CVE-2013-0262[0]:
Path sanitization information disclosure

CVE-2013-0263[1]:
Timing attack in cookie sessions

If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. Patches/upstream commits are referenced in the security tracker.

For further information see:

[0] http://security-tracker.debian.org/tracker/CVE-2013-0262
[1] http://security-tracker.debian.org/tracker/CVE-2013-0263

Please adjust the affected versions in the BTS as needed.

Note: According to the Red Hat bugtracker for CVE-2013-0262 only versions after 1.4.x are affected, for CVE-2013-0263 all previous versions. Could you please double check this, and mark accordingly?

Regards,
Salvatore