1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 2888-1] ruby-actionpack-3.2 security update

    From Moritz Muehlenhoff@1:229/2 to All on Thu Mar 27 16:20:02 2014
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-2888-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff
    March 27, 2014 http://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : ruby-actionpack-3.2
    CVE ID : CVE-2013-4389 CVE-2013-4491 CVE-2013-6414 CVE-2013-6415
    CVE-2013-6417

    Toby Hsieh, Peter McLarnan, Ankit Gupta, Sudhir Rao and Kevin Reintjes discovered multiple cross-site scripting and denial of service
    vulnerabilities in Ruby Actionpack.

    For the stable distribution (wheezy), these problems have been fixed in
    version 3.2.6-6+deb7u1.

    For the unstable distribution (sid), this problem has been fixed in
    version 3.2.16-3+0 of the rails-3.2 source package.

    We recommend that you upgrade your ruby-actionpack-3.2 packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: http://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1

    iQIcBAEBAgAGBQJTND1nAAoJEBDCk7bDfE42ncsP/R6qyZGDmPuzhg6+rQ1TGa66 lopZCKj8HRg02B24gcD7BDhplkIR7zW8B5n29SH+0oKATEWMTxG1deT9y1qDZWZZ ATx2vmeB53YUy2E+xDMCMdOgWVNYSNgJ2KFdXv80zjwjs7LZdlTrliVqW/GZ1fVK 0XCKwiU6D0xP0OEoLBVHQmWxtrux5gJo4zGIGemnhtw/pREJIjxP46SgHYpMtpY4 a44v+y5OmzP3273t946Hk1ak+J77B78cviKXMQ5U6PYgJ7RyNrowAboVb1ABkehj Q5V0EIq3MesoIL+ideFfbMAjppKCxolD0SMa6aR0Qk6h59vNEY9U/pplhVBrIV1u ZgbJ0qkA8Y68q10E9FoAjoVTfoCVUymwn+U7UGfJx/ufaccl4uqkQwp8GTNkkTSy 4GkL6F/QNfKLuY/4BLkGYlUBcqXtQHPP3705MvGLeOF5zhiH9g6NpTKVO9Ze5/2j GUeCcAwjSDppVAIZ+lzur4CTeQeX8ZdH8sDmDcQaEGhM+fPWgh86Ce1e+S+DcDmt 0oiXMV8ZsktakCnD5z3cJtZ5JWf5N8cBsWsIs4DXfeTKIKeRwj13FceY+WaOr/DX a5I80QmeA9LvvHv/tVSZ7CcMgua048qt9v53tnYyUT5phyUQ4U/0nHbhkApG0QsC c0Flt07uQes26fblQEWr
    =+BNy
    -----END PGP SIGNATURE-----


    --
    To UNSUBSCRIBE, email to [email protected]
    with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)