This bug was fixed in the package ruby-actionpack-2.3 -
2.3.14-2ubuntu0.11.10.1
---
ruby-actionpack-2.3 (2.3.14-2ubuntu0.11.10.1) oneiric-security; urgency=low
* SECURITY UPDATE: Cross-site scripting vulnerability (LP: #1030984)
- debian/patches/CVE-2012-1099.patch: patch from D
This bug was fixed in the package ruby-actionpack-2.3 -
2.3.14-2ubuntu0.12.04.1
---
ruby-actionpack-2.3 (2.3.14-2ubuntu0.12.04.1) precise-security; urgency=low
* SECURITY UPDATE: Cross-site scripting vulnerability (LP: #1030984)
- debian/patches/CVE-2012-1099.patch: patch from D
Thanks, Felix! The debdiff's look good. I added Description and Origin
patch tags, but that's obviously minor.
I'll get these built and released soon.
** Changed in: ruby-actionpack-2.3 (Ubuntu Oneiric)
Status: New => Confirmed
** Changed in: ruby-actionpack-2.3 (Ubuntu Precise)
St
** Patch added: "oneiric-security debdiff"
https://bugs.launchpad.net/ubuntu/+source/ruby-actionpack-2.3/+bug/1030984/+attachment/3242751/+files/ruby-actionpack-2.3_2.3.14-2ubuntu0.11.10.1.debdiff
** Changed in: ruby-actionpack-2.3 (Ubuntu)
Status: New => Incomplete
** Changed in: ruby
I'm attaching debdiffs for oneiric and precise.
I think the code lives in the rails package in natty and earlier releases.
** Patch added: "precise-security debdiff"
https://bugs.launchpad.net/ubuntu/+source/ruby-actionpack-2.3/+bug/1030984/+attachment/3242750/+files/ruby-actionpack-2.3_2.3.1