[DRE-maint] Bug#700173: ruby-rack: CVE-2013-0262 and CVE-2013-0263

Satoru KURASHIKI lurdan at gmail.com
Thu Mar 7 11:18:00 UTC 2013


Dear security team,

On Mon, Feb 11, 2013 at 1:24 PM, Satoru KURASHIKI <lurdan at gmail.com> wrote:
> I've contacted Youhei SASAKI (maintainer of ruby-rack, successor of
> librack-ruby),
> and acknowledged about preparing NMU for this bug.
>
> Please audit this patch, after that I will prepare NMU for squeeze.
> (and after that t-p-u, unstable, ...)

I've created an NMU debdiff for stable, which includes these fixes:
#698440 (CVE-2013-0184)
#700226 (CVE-2013-0263)

These are already applied in unstable/testing.

Please consider updating the stable version of librack-ruby with the
attached debdiff to close those CVE issues.

regards,
-- 
KURASHIKI Satoru
-------------- next part --------------
A non-text attachment was scrubbed...
Name: librack-ruby_s-p-u.debdiff
Type: application/octet-stream
Size: 6817 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-ruby-extras-maintainers/attachments/20130307/a8e77096/attachment-0005.obj>

