Hi all, I am not sure why there is so little progress here. The patch I attached is the one mentioned in debian bugtracker, and I provided the link in my initial report. Also, I tried to build a new package containing the patch for myself - which was rather easy, since I only had to adjust changelog, control and put the patch to the right location. After that, dpkg-buildpackage worked really well.
So I wonder If I can do anything else to get that patch into official ubuntu repositories? It has been two weeks ago that this news message raised my attention: http://www.h-online.com/security/news/item/Rails-developers-close-another-extremely-critical-flaw-1793511.html I just checked for ubuntu status and discovered, that there is no updated package. Well - I decided to give it some time., since the patch was already available for debian I figured it would only need some time to be available in ubuntu as well. After waiting some days I checked again - and there is no update. So I tried to hit launchpad, but up to now I am getting the impression that it is not leading anywhere? So - in the end my question is: what can I do to help here? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1119256 Title: rails: CVE-2013-0333: Vulnerability in JSON Parser To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ruby-activesupport-2.3/+bug/1119256/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs