Hi Marc, I just had a closer look. The only difference that has been done by Debian developer team is to add CVE-2013-0333.patch - very similar to what you have done for CVE-2013-0156. So, I just added the patch from debian package here.
** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-0156 ** Patch added: "CVE-2013-0333.patch" https://bugs.launchpad.net/ubuntu/+source/ruby-activesupport-2.3/+bug/1119256/+attachment/3521782/+files/CVE-2013-0333.patch -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1119256 Title: rails: CVE-2013-0333: Vulnerability in JSON Parser To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ruby-activesupport-2.3/+bug/1119256/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
