*** This bug is a security vulnerability ***
Public security bug reported:
Please sync ruby-rack 1.4.1-2.1 (universe) from Debian unstable (main)
Changelog entries since current raring version 1.4.1-2:
ruby-rack (1.4.1-2.1) unstable; urgency=high

  [ KURASHIKI Satoru ]
  * Non-maintainer upload.
  * Create cherry-picked patches for Security Fix (Closes: #700173 #700226).
    - CVE-2013-0262: 0004-Prevent-symlink-path-traversals.patch
    - CVE-2013-0263: 0005-Use-secure_compare-for-hmac-comparison.patch

  [ Youhei SASAKI ]
  * Create cherry-picked patches for Security Fix (Closes: #698440).
    - CVE-2012-6109: 0001-Fix-parsing-performance-for-unquoted-filenames.patch
    - CVE-2013-0183: 0002-multipart-parser-avoid-unbounded-gets-method.patch
    - CVE-2013-0184: 0003-Reimplement-auth-scheme-fix.patch

 -- KURASHIKI Satoru <[email protected]>  Wed, 20 Feb 2013 20:56:31 +0900

** Affects: ruby-rack (Ubuntu)
Importance: Undecided
Status: New
** Tags: ftbfs
--
https://bugs.launchpad.net/bugs/1139682
Title:
Sync ruby-rack 1.4.1-2.1 (universe) from Debian unstable (main)