*** This bug is a security vulnerability ***

Public security bug reported:

The CVE mentioned in summary caused quite some media attention in Germany. According to http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699249#19 this problem is solved in Debian upstream, but there has been no security update for precise so far. This is quite strange - is there nobody maintaining ruby-activesupport for precise (LTS!) anymore? I only saw a later package for raring so far, but I did not check if the required patch is incorporated there.

** Affects: ruby-activesupport-2.3 (Ubuntu)
     Importance: Undecided
         Status: New

** Information type changed from Private Security to Public Security

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0333

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1119256

Title:
  rails: CVE-2013-0333: Vulnerability in JSON Parser

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ruby-activesupport-2.3/+bug/1119256/+subscriptions

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs