Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 2888-1] ruby-actionpack-3.2 security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 2888-1] ruby-actionpack-3.2 security update


Chronologisch Thread 
    < Chronologisch >      < Thread >
  • From: Moritz Muehlenhoff <jmm AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 2888-1] ruby-actionpack-3.2 security update
  • Date: Thu, 27 Mar 2014 16:04:16 +0100
  • List-archive: <https://service.piratenpartei.de/pipermail/it-securitynotifies>
  • List-id: Sicherheitsankündigungen <it-securitynotifies.lists.piratenpartei.de>
  • Old-return-path: <jmm AT inutil.org>
  • Priority: urgent
  • Resent-date: Thu, 27 Mar 2014 15:04:44 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <kC6GXEHIjNN.A.jJF.M4DNTB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2888-1 security AT debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
March 27, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : ruby-actionpack-3.2
CVE ID : CVE-2013-4389 CVE-2013-4491 CVE-2013-6414 CVE-2013-6415
CVE-2013-6417

Toby Hsieh, Peter McLarnan, Ankit Gupta, Sudhir Rao and Kevin Reintjes
discovered multiple cross-site scripting and denial of service
vulnerabilities in Ruby Actionpack.

For the stable distribution (wheezy), these problems have been fixed in
version 3.2.6-6+deb7u1.

For the unstable distribution (sid), this problem has been fixed in
version 3.2.16-3+0 of the rails-3.2 source package.

We recommend that you upgrade your ruby-actionpack-3.2 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJTND1nAAoJEBDCk7bDfE42ncsP/R6qyZGDmPuzhg6+rQ1TGa66
lopZCKj8HRg02B24gcD7BDhplkIR7zW8B5n29SH+0oKATEWMTxG1deT9y1qDZWZZ
ATx2vmeB53YUy2E+xDMCMdOgWVNYSNgJ2KFdXv80zjwjs7LZdlTrliVqW/GZ1fVK
0XCKwiU6D0xP0OEoLBVHQmWxtrux5gJo4zGIGemnhtw/pREJIjxP46SgHYpMtpY4
a44v+y5OmzP3273t946Hk1ak+J77B78cviKXMQ5U6PYgJ7RyNrowAboVb1ABkehj
Q5V0EIq3MesoIL+ideFfbMAjppKCxolD0SMa6aR0Qk6h59vNEY9U/pplhVBrIV1u
ZgbJ0qkA8Y68q10E9FoAjoVTfoCVUymwn+U7UGfJx/ufaccl4uqkQwp8GTNkkTSy
4GkL6F/QNfKLuY/4BLkGYlUBcqXtQHPP3705MvGLeOF5zhiH9g6NpTKVO9Ze5/2j
GUeCcAwjSDppVAIZ+lzur4CTeQeX8ZdH8sDmDcQaEGhM+fPWgh86Ce1e+S+DcDmt
0oiXMV8ZsktakCnD5z3cJtZ5JWf5N8cBsWsIs4DXfeTKIKeRwj13FceY+WaOr/DX
a5I80QmeA9LvvHv/tVSZ7CcMgua048qt9v53tnYyUT5phyUQ4U/0nHbhkApG0QsC
c0Flt07uQes26fblQEWr
=+BNy
-----END PGP SIGNATURE-----


--
To UNSUBSCRIBE, email to debian-security-announce-REQUEST AT lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster AT lists.debian.org
Archive: https://lists.debian.org/20140327150415.GC2445 AT pisco.westfalen.local



  • [IT-SecNots] [SECURITY] [DSA 2888-1] ruby-actionpack-3.2 security update, Moritz Muehlenhoff, 27.03.2014

Archiv bereitgestellt durch MHonArc 2.6.19.

Seitenanfang