This bug was fixed in the package ruby-activesupport-2.3 - 2.3.14-2ubuntu0.12.04.2
--------------- ruby-activesupport-2.3 (2.3.14-2ubuntu0.12.04.2) precise-security; urgency=low * SECURITY UPDATE: Add an OkJson backend and remove the YAML backend to resolve improper conversion of JSON to YAML (LP: #1119256) - debian/patches/CVE-2013-0333.patch: added patch from Debian 2.3.14-6 - CVE-2013-0333 -- Jamie Strandboge <ja...@ubuntu.com> Wed, 13 Feb 2013 10:47:34 -0600 ** Changed in: ruby-activesupport-2.3 (Ubuntu Precise) Status: Fix Committed => Fix Released ** Changed in: ruby-activesupport-2.3 (Ubuntu Quantal) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1119256 Title: rails: CVE-2013-0333: Vulnerability in JSON Parser To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ruby-activesupport-2.3/+bug/1119256/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs