Back to bug 892870
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Kurt Seifried | 2013-01-08 05:57:29 UTC | CC | security-response-team | |
| Red Hat Bugzilla | 2013-01-08 05:57:29 UTC | Doc Type | --- | Bug Fix |
| Kurt Seifried | 2013-01-08 05:59:39 UTC | CC | bkearney, bleanhar, cpelland, jialiu, katello-bugs, katello-internal, lmeyer, mmccune, morazi, msuchy, rmillner, tkramer | |
| Kurt Seifried | 2013-01-08 06:09:40 UTC | Blocks | 892872 | |
| Kurt Seifried | 2013-01-08 06:15:04 UTC | Depends On | 892873 | |
| Kurt Seifried | 2013-01-08 06:17:43 UTC | Depends On | 892874 | |
| Kurt Seifried | 2013-01-08 06:19:00 UTC | Depends On | 892875 | |
| Kurt Seifried | 2013-01-08 06:20:58 UTC | Depends On | 892877 | |
| Kurt Seifried | 2013-01-08 06:54:57 UTC | Blocks | 892883 | |
| Kurt Seifried | 2013-01-08 20:22:43 UTC | Group | security, qe_staff | |
| Kurt Seifried | 2013-01-08 20:59:50 UTC | CC | hasari | |
| Kurt Seifried | 2013-01-08 21:01:12 UTC | Summary | EMBARGOED CVE-2013-0156 rubygem-actionpack: Multiple vulnerabilities in parameter parsing in ActionPack | CVE-2013-0156 rubygem-actionpack: Multiple vulnerabilities in parameter parsing in ActionPack |
| Kurt Seifried | 2013-01-08 21:14:15 UTC | Attachment #674510 Attachment is obsolete | 0 | 1 |
| Kurt Seifried | 2013-01-08 21:14:46 UTC | Attachment #674511 Attachment is obsolete | 0 | 1 |
| Kurt Seifried | 2013-01-08 21:15:33 UTC | Attachment #674512 Attachment is obsolete | 0 | 1 |
| Kurt Seifried | 2013-01-08 21:16:41 UTC | Attachment #674509 Attachment is obsolete | 0 | 1 |
| Kurt Seifried | 2013-01-08 21:19:37 UTC | Attachment #675068 Attachment is obsolete | 0 | 1 |
| Kurt Seifried | 2013-01-08 21:19:57 UTC | Attachment #675064 Attachment is obsolete | 0 | 1 |
| Kurt Seifried | 2013-01-08 21:20:19 UTC | Attachment #675066 Attachment is obsolete | 0 | 1 |
| Kurt Seifried | 2013-01-08 21:20:41 UTC | Attachment #675067 Attachment is obsolete | 0 | 1 |
| Tim Kramer | 2013-01-08 21:23:00 UTC | CC | tdawson | |
| Kurt Seifried | 2013-01-08 21:28:22 UTC | Attachment #675069 Attachment is obsolete | 0 | 1 |
| Kurt Seifried | 2013-01-08 21:28:53 UTC | Attachment #675070 Attachment is obsolete | 0 | 1 |
| Kurt Seifried | 2013-01-08 21:29:14 UTC | Attachment #675071 Attachment is obsolete | 0 | 1 |
| Kurt Seifried | 2013-01-08 21:29:35 UTC | Attachment #675072 Attachment is obsolete | 0 | 1 |
| Anders Kaseorg | 2013-01-08 21:38:01 UTC | CC | andersk | |
| Kurt Seifried | 2013-01-08 21:39:44 UTC | Attachment #675077 Attachment filename | actionpack-CVE-2012-0156-2-3-xml_parsing.patch | actionpack-CVE-2013-0156-2-3-xml_parsing.patch |
| Attachment #675077 Attachment description | actionpack-CVE-2012-0156-2-3-xml_parsing.patch | actionpack-CVE-2013-0156-2-3-xml_parsing.patch | ||
| Kurt Seifried | 2013-01-08 21:40:13 UTC | Attachment #675078 Attachment filename | actionpack-CVE-2012-0156-3-0-null_array_param.patch | actionpack-CVE-2013-0156-3-0-null_array_param.patch |
| Attachment #675078 Attachment description | actionpack-CVE-2012-0156-3-0-null_array_param.patch | actionpack-CVE-2013-0156-3-0-null_array_param.patch | ||
| Kurt Seifried | 2013-01-08 21:40:44 UTC | Attachment #675079 Attachment filename | actionpack-CVE-2012-0156-3-1-null_array_param.patch | actionpack-CVE-2013-0156-3-1-null_array_param.patch |
| Attachment #675079 Attachment description | actionpack-CVE-2012-0156-3-1-null_array_param.patch | actionpack-CVE-2013-0156-3-1-null_array_param.patch | ||
| Kurt Seifried | 2013-01-08 21:41:28 UTC | Attachment #675080 Attachment filename | actionpack-CVE-2012-0156-3-2-null_array_param.patch | actionpack-CVE-2013-0156-3-2-null_array_param.patch |
| Attachment #675080 Attachment description | actionpack-CVE-2012-0156-3-2-null_array_param.patch | actionpack-CVE-2013-0156-3-2-null_array_param.patch | ||
| Vincent Danen | 2013-01-09 01:30:10 UTC | Whiteboard | impact=important,public=no,reported=20130107,source=upstream,cvss2=7.5/AV:N/AC:L/Au:N/C:P/I:P/A:P,epel-5/rubygem-actionpack=affected,fedora-all/rubygem-actionpack=affected,openshift-1/ruby193-rubygem-actionpack=affected openshift-1/rubygem-actionpack=affected,sam-1/rubygem-actionpack=affected,cloudformscommon-1/rubygem-actionpack=affected,openshift-enterprise-1/ruby193-rubygem-actionpack=affected,openshift-enterprise-1/rubygem-actionpack=affected | impact=important,public=20130108,reported=20130107,source=upstream,cvss2=7.5/AV:N/AC:L/Au:N/C:P/I:P/A:P,epel-5/rubygem-actionpack=affected,fedora-all/rubygem-actionpack=affected,openshift-1/ruby193-rubygem-actionpack=affected openshift-1/rubygem-actionpack=affected,sam-1/rubygem-actionpack=affected,cloudformscommon-1/rubygem-actionpack=affected,openshift-enterprise-1/ruby193-rubygem-actionpack=affected,openshift-enterprise-1/rubygem-actionpack=affected |
| Vincent Danen | 2013-01-09 02:26:45 UTC | Depends On | 847202 | |
| Vincent Danen | 2013-01-09 02:27:02 UTC | Depends On | 893281 | |
| Mark J. Cox | 2013-01-09 11:13:14 UTC | CC | mjc | |
| Whiteboard | impact=important,public=20130108,reported=20130107,source=upstream,cvss2=7.5/AV:N/AC:L/Au:N/C:P/I:P/A:P,epel-5/rubygem-actionpack=affected,fedora-all/rubygem-actionpack=affected,openshift-1/ruby193-rubygem-actionpack=affected openshift-1/rubygem-actionpack=affected,sam-1/rubygem-actionpack=affected,cloudformscommon-1/rubygem-actionpack=affected,openshift-enterprise-1/ruby193-rubygem-actionpack=affected,openshift-enterprise-1/rubygem-actionpack=affected | impact=critical,public=20130108,reported=20130107,source=upstream,cvss2=7.5/AV:N/AC:L/Au:N/C:P/I:P/A:P,epel-5/rubygem-actionpack=affected,fedora-all/rubygem-actionpack=affected,openshift-1/ruby193-rubygem-actionpack=affected openshift-1/rubygem-actionpack=affected,sam-1/rubygem-actionpack=affected,cloudformscommon-1/rubygem-actionpack=affected,openshift-enterprise-1/ruby193-rubygem-actionpack=affected,openshift-enterprise-1/rubygem-actionpack=affected | ||
| Jan Lieskovsky | 2013-01-09 15:29:59 UTC | CC | jlieskov | |
| Summary | CVE-2013-0156 rubygem-actionpack: Multiple vulnerabilities in parameter parsing in ActionPack | CVE-2013-0156 rubygem-actionpack, rubygem-activesupport: Multiple vulnerabilities in parameter parsing in ActionPack | ||
| Jan Lieskovsky | 2013-01-09 15:30:26 UTC | Priority | high | urgent |
| Severity | high | urgent | ||
| Tomas Hoger | 2013-01-09 15:59:17 UTC | Summary | CVE-2013-0156 rubygem-actionpack, rubygem-activesupport: Multiple vulnerabilities in parameter parsing in ActionPack | CVE-2013-0156 rubygem-activesupport: Multiple vulnerabilities in parameter parsing in ActionPack |
| Tomas Hoger | 2013-01-09 16:01:03 UTC | Whiteboard | impact=critical,public=20130108,reported=20130107,source=upstream,cvss2=7.5/AV:N/AC:L/Au:N/C:P/I:P/A:P,epel-5/rubygem-actionpack=affected,fedora-all/rubygem-actionpack=affected,openshift-1/ruby193-rubygem-actionpack=affected openshift-1/rubygem-actionpack=affected,sam-1/rubygem-actionpack=affected,cloudformscommon-1/rubygem-actionpack=affected,openshift-enterprise-1/ruby193-rubygem-actionpack=affected,openshift-enterprise-1/rubygem-actionpack=affected | impact=critical,public=20130108,reported=20130107,source=upstream,cvss2=7.5/AV:N/AC:L/Au:N/C:P/I:P/A:P,cloudformscommon-1/rubygem-activesupport=affected,sam-1/rubygem-activesupport=affected,openshift-enterprise-1/ruby193-rubygem-activesupport=affected openshift-enterprise-1/rubygem-activesupport=affected,openshift-1/ruby193-rubygem-activesupport=affected,openshift-1/rubygem-activesupport=affected,fedora-all/rubygem-activesupport=affected,epel-5/rubygem-activesupport=affected |
| Tomas Hoger | 2013-01-09 16:01:30 UTC | CC | kanarip, mastahnke | |
| Tomas Hoger | 2013-01-09 16:15:17 UTC | Depends On | 892874 | |
| Tomas Hoger | 2013-01-09 16:16:04 UTC | Depends On | 893665 | |
| Tomas Hoger | 2013-01-09 16:39:18 UTC | Depends On | 892874 | |
| Giulio Fidente | 2013-01-10 18:08:39 UTC | CC | gfidente | |
| Tomas Hoger | 2013-01-16 08:37:09 UTC | Status | NEW | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2013-01-16 03:37:09 UTC | |||
| Tomas Hoger | 2013-01-16 08:37:59 UTC | Blocks | 892883 | |
| Ramon de C Valle | 2013-01-17 13:09:38 UTC | CC | rcvalle | |
| Whiteboard | impact=critical,public=20130108,reported=20130107,source=upstream,cvss2=7.5/AV:N/AC:L/Au:N/C:P/I:P/A:P,cloudformscommon-1/rubygem-activesupport=affected,sam-1/rubygem-activesupport=affected,openshift-enterprise-1/ruby193-rubygem-activesupport=affected openshift-enterprise-1/rubygem-activesupport=affected,openshift-1/ruby193-rubygem-activesupport=affected,openshift-1/rubygem-activesupport=affected,fedora-all/rubygem-activesupport=affected,epel-5/rubygem-activesupport=affected | impact=critical,public=20130108,reported=20130107,source=upstream,cvss2=7.5/AV:N/AC:L/Au:N/C:P/I:P/A:P,cloudformscommon-1/rubygem-activesupport=affected,sam-1/rubygem-activesupport=affected,openshift-enterprise-1/ruby193-rubygem-activesupport=affected openshift-enterprise-1/rubygem-activesupport=affected,openshift-1/ruby193-rubygem-activesupport=affected,openshift-1/rubygem-activesupport=affected,fedora-all/rubygem-activesupport=affected,epel-5/rubygem-activesupport=affected,cwe=CWE-502 | ||
| Kurt Seifried | 2013-04-04 04:16:18 UTC | Depends On | 946303 | |
| Kurt Seifried | 2013-04-04 04:16:34 UTC | Depends On | 946331 | |
| Product Security DevOps Team | 2019-09-29 12:58:59 UTC | Whiteboard | impact=critical,public=20130108,reported=20130107,source=upstream,cvss2=7.5/AV:N/AC:L/Au:N/C:P/I:P/A:P,cloudformscommon-1/rubygem-activesupport=affected,sam-1/rubygem-activesupport=affected,openshift-enterprise-1/ruby193-rubygem-activesupport=affected,openshift-enterprise-1/rubygem-activesupport=affected,openshift-1/ruby193-rubygem-activesupport=affected,openshift-1/rubygem-activesupport=affected,fedora-all/rubygem-activesupport=affected,epel-5/rubygem-activesupport=affected,cwe=CWE-502 |
Back to bug 892870