This bug was fixed in the package ruby-activesupport-2.3 -
2.3.14-2ubuntu0.12.04.2
---------------
ruby-activesupport-2.3 (2.3.14-2ubuntu0.12.04.2) precise-security; urgency=low
* SECURITY UPDATE: Add an OkJson backend and remove the YAML backend to
resolve improper conversion of JSON to YAML (LP: #1119256)
- debian/patches/CVE-2013-0333.patch: added patch from Debian 2.3.14-6
- CVE-2013-0333
-- Jamie Strandboge <[email protected]> Wed, 13 Feb 2013 10:47:34 -0600
** Changed in: ruby-activesupport-2.3 (Ubuntu Precise)
Status: Fix Committed => Fix Released
** Changed in: ruby-activesupport-2.3 (Ubuntu Quantal)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1119256
Title:
rails: CVE-2013-0333: Vulnerability in JSON Parser
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ruby-activesupport-2.3/+bug/1119256/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
