This bug was fixed in the package ruby-activesupport-2.3 - 2.3.14-2ubuntu0.11.10.2
--------------- ruby-activesupport-2.3 (2.3.14-2ubuntu0.11.10.2) oneiric-security; urgency=low * SECURITY UPDATE: Add an OkJson backend and remove the YAML backend to resolve improper conversion of JSON to YAML (LP: #1119256) - debian/patches/CVE-2013-0333.patch: added patch from Debian 2.3.14-6 - CVE-2013-0333 -- Jamie Strandboge <ja...@ubuntu.com> Wed, 13 Feb 2013 10:48:42 -0600 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1119256 Title: rails: CVE-2013-0333: Vulnerability in JSON Parser To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ruby-activesupport-2.3/+bug/1119256/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs