This bug was fixed in the package ruby-activesupport-2.3 -
2.3.14-4ubuntu0.2
---
ruby-activesupport-2.3 (2.3.14-4ubuntu0.2) quantal-security; urgency=low
* SECURITY UPDATE: Add an OkJson backend and remove the YAML backend to
resolve improper conversion of JSON to YAML (LP: #111
This bug was fixed in the package ruby-activesupport-2.3 -
2.3.14-2ubuntu0.11.10.2
---
ruby-activesupport-2.3 (2.3.14-2ubuntu0.11.10.2) oneiric-security; urgency=low
* SECURITY UPDATE: Add an OkJson backend and remove the YAML backend to
resolve improper conversion of JSON to YA
This bug was fixed in the package ruby-activesupport-2.3 -
2.3.14-2ubuntu0.12.04.2
---
ruby-activesupport-2.3 (2.3.14-2ubuntu0.12.04.2) precise-security; urgency=low
* SECURITY UPDATE: Add an OkJson backend and remove the YAML backend to
resolve improper conversion of JSON to YA
** Changed in: ruby-activesupport-2.3 (Ubuntu Oneiric)
Status: In Progress => Fix Committed
** Changed in: ruby-activesupport-2.3 (Ubuntu Precise)
Status: In Progress => Fix Committed
** Changed in: ruby-activesupport-2.3 (Ubuntu Quantal)
Status: In Progress => Fix Committed
Stefan, thanks for attending to this bug. Your debdiff is incomplete
however because it patches debian/changelog. As for the binary package,
we don't submit those in Launchpad but instead submit patches to source
packages in the form of debdiffs. These are then reviewed and applied to
source packag
** CVE removed: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0156
** Changed in: ruby-activesupport-2.3 (Ubuntu)
Status: Incomplete => Triaged
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.ne
Subscribing ubuntu-security-sponsors as per
https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Submission
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1119256
Title:
rails: CVE-2013-0333: Vuln
and finally - here is the package I created. Is it the common way to
just add these updates here in launchpad?
** Attachment added: "ruby-activesupport-2.3_2.3.14-3ubuntu0.12.04.1_all.deb"
https://bugs.launchpad.net/ubuntu/+source/ruby-activesupport-2.3/+bug/1119256/+attachment/3526530/+files/
Hi guys, here is the debdiff I created. In addition, I really just added
the patch to debian/patches and updated series and changelog
accordingly.
** Patch added: "debdiff"
https://bugs.launchpad.net/ubuntu/+source/ruby-activesupport-2.3/+bug/1119256/+attachment/3526529/+files/ruby-activesuppo
> what can I do to help here?
Thanks Stefan; the most useful next step would be preparing a debdiff
for this issue. Some further information can be found at
https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Packaging
Thanks
Hi all,
I am not sure why there is so little progress here. The patch I attached
is the one mentioned in debian bugtracker, and I provided the link in my
initial report. Also, I tried to build a new package containing the
patch for myself - which was rather easy, since I only had to adjust
changel
The attachment "CVE-2013-0333.patch" of this bug report has been
identified as being a patch. The ubuntu-reviewers team has been
subscribed to the bug report so that they can review the patch. In the
event that this is in fact not a patch you can resolve this situation by
removing the tag 'patch'
Hi Marc,
I just had a closer look. The only difference that has been done by
Debian developer team is to add CVE-2013-0333.patch - very similar to
what you have done for CVE-2013-0156. So, I just added the patch from
debian package here.
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi
Thanks for taking the time to report this bug and helping to make Ubuntu
better. Since the package referred to in this bug is in universe or
multiverse, it is community maintained. If you are able, I suggest
coordinating with upstream and posting a debdiff for this issue. When a
debdiff is availabl