[Bug 1139682] [NEW] Sync ruby-rack 1.4.1-2.1 (universe) from Debian unstable (main)
Launchpad Bug Tracker
1139682 at bugs.launchpad.net
Sat Mar 2 10:13:23 UTC 2013
You have been subscribed to a public bug by Grant Woodford (woodford-gw):
Please sync ruby-rack 1.4.1-2.1 (universe) from Debian unstable (main)
Changelog entries since current raring version 1.4.1-2:
ruby-rack (1.4.1-2.1) unstable; urgency=high
[ KURASHIKI Satoru ]
* Non-maintainer upload.
* Create cherry-picked patches for Security Fix (Closes: #700173 #700226).
- CVE-2013-0262: 0004-Prevent-symlink-path-traversals.patch
- CVE-2013-0263: 0005-Use-secure_compare-for-hmac-comparison.patch
[ Youhei SASAKI ]
* Create cherry-picked patches for Security Fix (Closes: #698440).
- CVE-2012-6109: 0001-Fix-parsing-performance-for-unquoted-filenames.patch
- CVE-2013-0183: 0002-multipart-parser-avoid-unbounded-gets-method.patch
- CVE-2013-0184: 0003-Reimplement-auth-scheme-fix.patch
-- KURASHIKI Satoru <lurdan at gmail.com> Wed, 20 Feb 2013 20:56:31 +0900
** Affects: ruby-rack (Ubuntu)
Importance: Undecided
Status: New
--
Sync ruby-rack 1.4.1-2.1 (universe) from Debian unstable (main)
https://bugs.launchpad.net/bugs/1139682
You received this bug notification because you are a member of Ubuntu Sponsors Team, which is subscribed to the bug report.
More information about the Ubuntu-sponsors
mailing list