[Bug 425988] Re: all versions of rails are vulnerable to CVE-2009-3009
Scott Kitterman
ubuntu at kitterman.com
Wed Sep 16 02:59:48 UTC 2009
Fixed in Karmic:
rails (2.2.3-1) unstable; urgency=high
.
  * New upstream release (closes: #545063)
    + Fixes XSS security hole [CVE-2009-3009]
    + Fixes timing issue with cookie store [CVE-2009-3086]
  * Remove dependency on ruby-dbi, as it is not required by any of the
    sources.
  * Correct dependency on fixed libxml-simple-ruby to 1.0.11-2 or later
    (closes: #538982)
  * debian/control
    + Change section from web to ruby
    + Updated to debhelper 7.0+
    + Standards updated to 3.8.3 - no changes
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2009-3086
** Changed in: rails (Ubuntu)
Status: Confirmed => Fix Released
** Also affects: rails (Ubuntu Dapper)
Importance: Undecided
Status: New
** Also affects: rails (Ubuntu Hardy)
Importance: Undecided
Status: New
** Also affects: rails (Ubuntu Intrepid)
Importance: Undecided
Status: New
** Also affects: rails (Ubuntu Jaunty)
Importance: Undecided
Status: New
** Changed in: rails (Ubuntu Dapper)
Status: New => Confirmed
** Changed in: rails (Ubuntu Hardy)
Status: New => Confirmed
** Changed in: rails (Ubuntu Intrepid)
Status: New => Confirmed
** Changed in: rails (Ubuntu Dapper)
Importance: Undecided => Medium
** Changed in: rails (Ubuntu Jaunty)
Status: New => Confirmed
** Changed in: rails (Ubuntu Jaunty)
Importance: Undecided => Medium
** Changed in: rails (Ubuntu Intrepid)
Importance: Undecided => Medium
** Changed in: rails (Ubuntu Hardy)
Importance: Undecided => Medium
--
all versions of rails are vulnerable to CVE-2009-3009
https://bugs.launchpad.net/bugs/425988