Bug 731432 (CVE-2011-2929)
Summary: | CVE-2011-2929 rubygem-actionpack: filter skipping vulnerability (Ruby on Rails) | | |
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Vincent Danen <vdanen> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | | |
Version: | unspecified | CC: | bkearney, clalance, lutter, mastahnke, mhicks, mmorsi, mtasaka, sseago, vanmeeuwen+fedora, vondruch |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | | | |
Fixed In Version: | rubygem-actionpack 3.0.10, rubygem-actionpack 3.1.0 | Doc Type: | Bug Fix |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2013-01-16 09:46:29 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Bug Depends On: | 731440, 731448 | | |
Bug Blocks: | 732542 | | |

Description
Vincent Danen
2011-08-17 16:29:39 UTC
This flaw is in rubygem-actionpack, not rubygem-rails.

Created rubygem-actionpack tracking bugs for this issue

Affects: fedora-15 [bug 731448]

I'm not really familiar with the Fedora security response procedures, but don't we also need a F-16 and rawhide bug as well? Since the flaw was just fixed yesterday, the problem will be in all 3.

You should be able to use the same tracking bug for all three.

OK, thanks, that's what I wanted to know.

This issue has been assigned the name CVE-2011-2929: http://www.openwall.com/lists/oss-security/2011/08/19/11

This issue does not affect the version of rubygem-actionpack shipped with Fedora 14.

This issue has been addressed in Fedora-15 and upcoming Fedora-16 via the following advisories:

fedora-15: https://admin.fedoraproject.org/updates/rubygem-actionpack-3.0.5-4.fc15

fedora-16: https://admin.fedoraproject.org/updates/rubygem-activesupport-3.0.10-1.fc16,rubygem-activemodel-3.0.10-1.fc16,rubygem-activerecord-3.0.10-1.fc16,rubygem-activeresource-3.0.10-1.fc16,rubygem-actionpack-3.0.10-1.fc16,rubygem-actionmailer-3.0.10-1.fc16,rubygem-railties-3.0.10-1.fc16,rubygem-rails-3.0.10-1.fc16