Bug#698440: Bug#700173: ruby-rack: CVE-2013-0262 and CVE-2013-0263

2013-03-07 Thread Satoru KURASHIKI
dear security team, On Mon, Feb 11, 2013 at 1:24 PM, Satoru KURASHIKI lur...@gmail.com wrote: I've contacted Youhei SASAKI (maintainer of ruby-rack, successor of librack-ruby), and acknowledged about preparing NMU for this bug. Please audit this patch, after that I will prepare NMU for

Bug#700226: Bug#700173: ruby-rack: CVE-2013-0262 and CVE-2013-0263

2013-02-10 Thread Satoru KURASHIKI
hi, (CC: pkg-ruby-extras-maintainers) I've contacted Youhei SASAKI (maintainer of ruby-rack, successor of librack-ruby), and acknowledged about preparing NMU for this bug. Please audit this patch, after that I will prepare NMU for squeeze. (and after that t-p-u, unstable, ...) On Sun, Feb 10,

Bug#700173: ruby-rack: CVE-2013-0262 and CVE-2013-0263

2013-02-09 Thread Salvatore Bonaccorso
Source: ruby-rack Severity: grave Tags: security Hi, the following vulnerabilities were published for ruby-rack. CVE-2013-0262[0]: Path sanitization information disclosure CVE-2013-0263[1]: Timing attack in cookie sessions If you fix the vulnerabilities please also make sure to include the

Bug#700173: ruby-rack: CVE-2013-0262 and CVE-2013-0263

2013-02-09 Thread Satoru KURASHIKI
hi, For further information see: [0] http://security-tracker.debian.org/tracker/CVE-2013-0262 [1] http://security-tracker.debian.org/tracker/CVE-2013-0263 Please adjust the affected versions in the BTS as needed. Note: According to the Red Hat bug tracker for CVE-2013-0262 only

Bug#700173: ruby-rack: CVE-2013-0262 and CVE-2013-0263

2013-02-09 Thread Salvatore Bonaccorso
Control: clone -1 -2 Control: retitle -1 ruby-rack: CVE-2013-0262: Path sanitization information disclosure Control: retitle -2 ruby-rack: CVE-2013-0263: Timing attack in cookie sessions Hi On Sun, Feb 10, 2013 at 11:14:50AM +0900, Satoru KURASHIKI wrote: hi, For further information see:

Processed: Re: Bug#700173: ruby-rack: CVE-2013-0262 and CVE-2013-0263

2013-02-09 Thread Debian Bug Tracking System
Processing control commands: clone -1 -2 Bug #700173 [src:ruby-rack] ruby-rack: CVE-2013-0262 and CVE-2013-0263 Bug 700173 cloned as bug 700226 retitle -1 ruby-rack: CVE-2013-0262: Path sanitization information disclosure Bug #700173 [src:ruby-rack] ruby-rack: CVE-2013-0262 and CVE-2013-0263