[Bug 1100162] Re: Unsafe Query Generation Risk in Ruby on Rails
*** This bug is a duplicate of bug 1100188 *** https://bugs.launchpad.net/bugs/1100188 This bug was fixed in the package ruby-actionpack-3.2 - 3.2.6-4ubuntu0.1 --- ruby-actionpack-3.2 (3.2.6-4ubuntu0.1) quantal-security; urgency=low * SECURITY UPDATE: Unsafe Query Generation Risk in Ruby on Rails (LP: #1100162) - debian/patches/CVE-2013-0155: Strip nils from collections on JSON and XML posts. Based on upstream patch. - CVE-2013-0155 -- Christian KuersteinerWed, 16 Jan 2013 14:20:55 +0700 ** Changed in: ruby-actionpack-3.2 (Ubuntu) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1100162 Title: Unsafe Query Generation Risk in Ruby on Rails To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ruby-actionpack-3.2/+bug/1100162/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1100162] Re: Unsafe Query Generation Risk in Ruby on Rails
*** This bug is a duplicate of bug 1100188 *** https://bugs.launchpad.net/bugs/1100188 @Christian > hrm, this is actually being tracked in bug #1100188. Can you submit your debdiff there instead? Nevermind, I did it for you. Please subscribe to bug #1100188. Thanks! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1100162 Title: Unsafe Query Generation Risk in Ruby on Rails To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ruby-actionpack-3.2/+bug/1100162/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1100162] Re: Unsafe Query Generation Risk in Ruby on Rails
*** This bug is a duplicate of bug 1100188 *** https://bugs.launchpad.net/bugs/1100188 hrm, this is actually being tracked in bug #1100188. Can you submit your debdiff there instead? ** This bug has been marked a duplicate of bug 1100188 Unsafe Query Generation Risk in Ruby on Rails -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1100162 Title: Unsafe Query Generation Risk in Ruby on Rails To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ruby-actionpack-3.2/+bug/1100162/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1100162] Re: Unsafe Query Generation Risk in Ruby on Rails
Patch for quantal ** Patch added: "lp1100162-quantal.debdiff" https://bugs.launchpad.net/ubuntu/+source/ruby-actionpack-3.2/+bug/1100162/+attachment/3485947/+files/lp1100162-quantal.debdiff ** Changed in: ruby-actionpack-3.2 (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1100162 Title: Unsafe Query Generation Risk in Ruby on Rails To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ruby-actionpack-3.2/+bug/1100162/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1100162] Re: Unsafe Query Generation Risk in Ruby on Rails
According to https://groups.google.com/forum/?fromgroups=#!topic /rubyonrails-security/c7jT-EeN9eI all version (as well 2.x) is affected. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1100162 Title: Unsafe Query Generation Risk in Ruby on Rails To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ruby-actionpack-3.2/+bug/1100162/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1100162] Re: Unsafe Query Generation Risk in Ruby on Rails
** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-0155 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1100162 Title: Unsafe Query Generation Risk in Ruby on Rails To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ruby-actionpack-3.2/+bug/1100162/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs