*** This bug is a security vulnerability ***

Public security bug reported:

There are a bunch of Rails vulnerabilities that haven't been fixed in
Ubuntu.

First some CVE tracker triaging:

CVE-2009-4214: already fixed in lucid (2.2.3-2), can be marked as not-affected.
CVE-2011-0446, CVE-2011-0447, CVE-2011-2932: don't affect oneiric (fixed 
upstream)
CVE-2011-2932: doesn't seem to affect lucid-natty as 
activesupport/lib/active_support/core_ext/string/output_safety.rb doesn't 
provide a html_escape method in these versions
CVE-2011-2197: doesn't affect Ubuntu, see http://bugs.debian.org/634990
CVE-2011-2929, CVE-2011-3187: seems to only affect 3.x which isn't in Ubuntu

** Affects: rails (Ubuntu)
     Importance: Undecided
         Status: Invalid

** Affects: rails (Ubuntu Lucid)
     Importance: Undecided
         Status: New

** Affects: rails (Ubuntu Maverick)
     Importance: Undecided
         Status: New

** Affects: rails (Ubuntu Natty)
     Importance: Undecided
         Status: New

** Affects: rails (Ubuntu Oneiric)
     Importance: Undecided
         Status: Invalid

** Visibility changed to: Public

** Also affects: rails (Ubuntu Lucid)
   Importance: Undecided
       Status: New

** Also affects: rails (Ubuntu Maverick)
   Importance: Undecided
       Status: New

** Also affects: rails (Ubuntu Natty)
   Importance: Undecided
       Status: New

** Also affects: rails (Ubuntu Oneiric)
   Importance: Undecided
       Status: New

** Changed in: rails (Ubuntu Oneiric)
       Status: New => Invalid

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2011-0446

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2011-0447

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2011-2930

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2011-2931

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2011-3186

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/870846

Title:
  several vulnerabilities in rails

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rails/+bug/870846/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
