BugTraq
[SECURITY] [DSA 2888-1] ruby-actionpack-3.2 security update Mar 27 2014 03:04PM
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-2888-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Moritz Muehlenhoff
March 27, 2014 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
-

Package : ruby-actionpack-3.2
CVE ID : CVE-2013-4389 CVE-2013-4491 CVE-2013-6414 CVE-2013-6415
CVE-2013-6417

Toby Hsieh, Peter McLarnan, Ankit Gupta, Sudhir Rao and Kevin Reintjes
discovered multiple cross-site scripting and denial of service
vulnerabilities in Ruby Actionpack.

For the stable distribution (wheezy), these problems have been fixed in
version 3.2.6-6+deb7u1.

For the unstable distribution (sid), this problem has been fixed in
version 3.2.16-3+0 of the rails-3.2 source package.

We recommend that you upgrade your ruby-actionpack-3.2 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce (at) lists.debian (dot) org [email concealed]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJTND1nAAoJEBDCk7bDfE42ncsP/R6qyZGDmPuzhg6+rQ1TGa66
lopZCKj8HRg02B24gcD7BDhplkIR7zW8B5n29SH+0oKATEWMTxG1deT9y1qDZWZZ
ATx2vmeB53YUy2E+xDMCMdOgWVNYSNgJ2KFdXv80zjwjs7LZdlTrliVqW/GZ1fVK
0XCKwiU6D0xP0OEoLBVHQmWxtrux5gJo4zGIGemnhtw/pREJIjxP46SgHYpMtpY4
a44v+y5OmzP3273t946Hk1ak+J77B78cviKXMQ5U6PYgJ7RyNrowAboVb1ABkehj
Q5V0EIq3MesoIL+ideFfbMAjppKCxolD0SMa6aR0Qk6h59vNEY9U/pplhVBrIV1u
ZgbJ0qkA8Y68q10E9FoAjoVTfoCVUymwn+U7UGfJx/ufaccl4uqkQwp8GTNkkTSy
4GkL6F/QNfKLuY/4BLkGYlUBcqXtQHPP3705MvGLeOF5zhiH9g6NpTKVO9Ze5/2j
GUeCcAwjSDppVAIZ+lzur4CTeQeX8ZdH8sDmDcQaEGhM+fPWgh86Ce1e+S+DcDmt
0oiXMV8ZsktakCnD5z3cJtZ5JWf5N8cBsWsIs4DXfeTKIKeRwj13FceY+WaOr/DX
a5I80QmeA9LvvHv/tVSZ7CcMgua048qt9v53tnYyUT5phyUQ4U/0nHbhkApG0QsC
c0Flt07uQes26fblQEWr
=+BNy
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus