[Bug 1098357] Re: update libextlib-ruby/ruby-extlib packages for CVE-2013-0156

2015-06-17 Thread Rolf Leggewie
lucid has seen the end of its life and is no longer receiving any updates. Marking the lucid task for this ticket as "Won't Fix". ** Changed in: rails (Ubuntu Lucid) Status: Triaged => Won't Fix -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscr

[Bug 1098357] Re: update libextlib-ruby/ruby-extlib packages for CVE-2013-0156

2015-05-15 Thread Tyler Hicks
I've synced the libextlib-ruby package from Debian's squeeze-lts archive to fix this issue in Ubuntu 12.04. The fixed libextlib-ruby version in Ubuntu 12.04 is 0.9.13-2+deb6u1build0.12.04.1 ** Changed in: libextlib-ruby (Ubuntu Precise) Status: Triaged => Fix Released -- You received this

[Bug 1098357] Re: update libextlib-ruby/ruby-extlib packages for CVE-2013-0156

2015-05-15 Thread Tyler Hicks
Ubuntu 10.04 (Lucid) is no longer supported. Marking as Won't Fix. ** Changed in: libextlib-ruby (Ubuntu Lucid) Status: Triaged => Won't Fix -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/109835

[Bug 1098357] Re: update libextlib-ruby/ruby-extlib packages for CVE-2013-0156

2013-01-18 Thread Launchpad Bug Tracker
** Branch linked: lp:~ubuntu-branches/ubuntu/quantal/ruby-activesupport-3.2/quantal-security ** Branch linked: lp:~ubuntu-branches/ubuntu/quantal/ruby-extlib/quantal-security ** Branch linked: lp:~ubuntu-branches/ubuntu/oneiric/ruby-activesupport-2.3/oneiric-security ** Branch linked: lp:~ubu

[Bug 1098357] Re: update libextlib-ruby/ruby-extlib packages for CVE-2013-0156

2013-01-18 Thread Launchpad Bug Tracker
This bug was fixed in the package ruby-extlib - 0.9.15-2ubuntu0.1 --- ruby-extlib (0.9.15-2ubuntu0.1) quantal-security; urgency=low * SECURITY UPDATE: XML parser symbol and YAML coercion (LP: #1098357) - Add upstream patches 633974b2759d9b92 and 4540e7102b803624 as has bee

[Bug 1098357] Re: update libextlib-ruby/ruby-extlib packages for CVE-2013-0156

2013-01-18 Thread Launchpad Bug Tracker
This bug was fixed in the package ruby-activesupport-3.2 - 3.2.6-4ubuntu0.1 --- ruby-activesupport-3.2 (3.2.6-4ubuntu0.1) quantal-security; urgency=low * SECURITY UPDATE: vulnerabilities in parameter parsing (LP: #1098357) - debian/patches/CVE-2013-0156.patch: added patch from D

[Bug 1098357] Re: update libextlib-ruby/ruby-extlib packages for CVE-2013-0156

2013-01-18 Thread Launchpad Bug Tracker
This bug was fixed in the package ruby-activesupport-2.3 - 2.3.14-2ubuntu0.11.10.1 --- ruby-activesupport-2.3 (2.3.14-2ubuntu0.11.10.1) oneiric-security; urgency=low * SECURITY UPDATE: vulnerabilities in parameter parsing (LP: #1098357) - debian/patches/CVE-2013-0156.patch: adde

[Bug 1098357] Re: update libextlib-ruby/ruby-extlib packages for CVE-2013-0156

2013-01-18 Thread Launchpad Bug Tracker
This bug was fixed in the package ruby-activesupport-2.3 - 2.3.14-4ubuntu0.1 --- ruby-activesupport-2.3 (2.3.14-4ubuntu0.1) quantal-security; urgency=low * SECURITY UPDATE: vulnerabilities in parameter parsing (LP: #1098357) - debian/patches/CVE-2013-0156.patch: added patch from

[Bug 1098357] Re: update libextlib-ruby/ruby-extlib packages for CVE-2013-0156

2013-01-18 Thread Launchpad Bug Tracker
This bug was fixed in the package ruby-activesupport-2.3 - 2.3.14-2ubuntu0.12.04.1 --- ruby-activesupport-2.3 (2.3.14-2ubuntu0.12.04.1) precise-security; urgency=low * SECURITY UPDATE: vulnerabilities in parameter parsing (LP: #1098357) - debian/patches/CVE-2013-0156.patch: adde

[Bug 1098357] Re: update libextlib-ruby/ruby-extlib packages for CVE-2013-0156

2013-01-18 Thread Marc Deslauriers
** Changed in: ruby-extlib (Ubuntu Quantal) Status: Triaged => Fix Committed ** Changed in: ruby-extlib (Ubuntu Quantal) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1098357] Re: update libextlib-ruby/ruby-extlib packages for CVE-2013-0156

2013-01-18 Thread Marc Deslauriers
** Changed in: ruby-activesupport-2.3 (Ubuntu Oneiric) Status: Triaged => Fix Committed ** Changed in: ruby-activesupport-2.3 (Ubuntu Oneiric) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) ** Changed in: ruby-activesupport-2.3 (Ubuntu Precise) Status: Triaged => Fix Com

[Bug 1098357] Re: update libextlib-ruby/ruby-extlib packages for CVE-2013-0156

2013-01-17 Thread Jamie Strandboge
Note, people helping out with this bug may want to also look at bug #1100188. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1098357 Title: update libextlib-ruby/ruby-extlib packages for CVE-2013-015

[Bug 1098357] Re: update libextlib-ruby/ruby-extlib packages for CVE-2013-0156

2013-01-17 Thread Jamie Strandboge
Raring ruby-extlib fixed in 0.9.15-3 ** Changed in: ruby-extlib (Ubuntu Raring) Status: New => Fix Released ** Changed in: ruby-extlib (Ubuntu Lucid) Status: New => Invalid ** Changed in: ruby-extlib (Ubuntu Oneiric) Status: New => Invalid ** Changed in: ruby-extlib (Ubuntu

[Bug 1098357] Re: update libextlib-ruby/ruby-extlib packages for CVE-2013-0156

2013-01-17 Thread Jamie Strandboge
Raring ruby-activesupport-3.2 fixed in 3.2.6-5 ** Changed in: ruby-activesupport-3.2 (Ubuntu Raring) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1098357 Title: u

[Bug 1098357] Re: update libextlib-ruby/ruby-extlib packages for CVE-2013-0156

2013-01-17 Thread Jamie Strandboge
This should now be triaged for our packages based on Debian's https://security-tracker.debian.org/tracker/CVE-2013-0156. As Marc said, since the packages referred to in this bug are in universe or multiverse, they are community maintained. When debdiffs are available, members of the security team wi

[Bug 1098357] Re: update libextlib-ruby/ruby-extlib packages for CVE-2013-0156

2013-01-17 Thread Jamie Strandboge
Raring ruby-activesupport-2.3 fixed in 2.3.14-5 ** Also affects: rails (Ubuntu) Importance: Undecided Status: New ** Also affects: ruby-activesupport-3.2 (Ubuntu) Importance: Undecided Status: New ** Also affects: ruby-activesupport-2.3 (Ubuntu) Importance: Undecided

[Bug 1098357] Re: update libextlib-ruby/ruby-extlib packages for CVE-2013-0156

2013-01-13 Thread Tim Cutts
The same security announcement mentions the Rails actionpack package also being affected by the same bug. Again, all versions in Ubuntu currently are affected. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net

[Bug 1098357] Re: update libextlib-ruby/ruby-extlib packages for CVE-2013-0156

2013-01-12 Thread Joshua Timberman
Debdiff in Debian ticket: http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=16;filename=ruby-extlib_0.9.15-2.1.debdiff;att=1;bug=697895 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1098357 Title:

[Bug 1098357] Re: update libextlib-ruby/ruby-extlib packages for CVE-2013-0156

2013-01-11 Thread Bug Watch Updater
** Changed in: libextlib-ruby (Debian) Status: Incomplete => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1098357 Title: update libextlib-ruby/ruby-extlib packages for CVE-2013-

[Bug 1098357] Re: update libextlib-ruby/ruby-extlib packages for CVE-2013-0156

2013-01-11 Thread Marc Deslauriers
Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is availabl

[Bug 1098357] Re: update libextlib-ruby/ruby-extlib packages for CVE-2013-0156

2013-01-11 Thread Thomas Ward
I've confirmed Comment #2 with the person who committed the change upstream. This bug affects all versions currently in Ubuntu. This package currently exists in Lucid, Oneiric, and Precise, and is version 0.9.13-2 in each of those releases (synced from Debian). This package does NOT exist in Hardy,

[Bug 1098357] Re: update libextlib-ruby/ruby-extlib packages for CVE-2013-0156

2013-01-10 Thread Joshua Timberman
0.9.15 and below. The maintainer released 0.9.16 with the fixes (in those commits). -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1098357 Title: update libextlib-ruby/ruby-extlib packages for CVE-20

[Bug 1098357] Re: update libextlib-ruby/ruby-extlib packages for CVE-2013-0156

2013-01-10 Thread Bug Watch Updater
** Changed in: libextlib-ruby (Debian) Status: Unknown => New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1098357 Title: update libextlib-ruby/ruby-extlib packages for CVE-2013-0156 To man

[Bug 1098357] Re: update libextlib-ruby/ruby-extlib packages for CVE-2013-0156

2013-01-10 Thread Thomas Ward
Do you happen to know which version(s) of the library are impacted by this CVE? ** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0156 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs

[Bug 1098357] Re: update libextlib-ruby/ruby-extlib packages for CVE-2013-0156

2013-01-10 Thread Joshua Timberman
** Package changed: merb (Ubuntu) => libextlib-ruby (Ubuntu) ** Bug watch added: Debian Bug tracker #697895 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697895 ** Also affects: libextlib-ruby (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697895 Importance: Unknown