RoR: CVE-2013-0155 and CVE-2013-0156 [was Re: ruby and CVE-2012-5664]
Steve Wills
swills at FreeBSD.org
Sun Jan 13 21:09:51 UTC 2013
On 01/10/13 17:36, Eric wrote:
>>> On 01/05/13 20:58, Olli Hauer wrote:
>>> It seems there are new releases for ruby because an security issue
>>> CVE-2012-5664
>>>
>> The issue is in Ruby On Rails, not Ruby itself. There's an update to
>> Ruby 1.9, but it's not a security issue. I'll see what I can do about
>> the Rails update first, then the rest later.
>>
>> Steve
>
> Following up on the update to Rails, it doesn't look like it's a good new
> year for Ruby on Rails:
>
> http://weblog.rubyonrails.org/2013/1/8/Rails-3-2-11-3-1-10-3-0-19-and-2-3-15
> -have-been-released/
>
> Two more serious exploits listed:
>
> CVE-2013-0155:
> https://groups.google.com/group/rubyonrails-security/browse_thread/thread/b7
> 5585bae4326af2
>
> CVE-2013-0156
> https://groups.google.com/group/rubyonrails-security/browse_thread/thread/eb
> 56e482f9d21934
>
Yeah, I committed the fixes and vuxml for both sets at the same time.
Thanks!
Steve
More information about the freebsd-ruby
mailing list