Bug 909633 (CVE-2013-0277)
Summary: CVE-2013-0277 rubygem-activerecord: Serialized Attributes YAML Vulnerability with Rails 2.3 and 3.0
Product: [Other] Security Response
Reporter: Kurt Seifried <kseifried>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: urgent
Priority: urgent
Version: unspecified
CC: bkabrda, bkearney, bleanhar, bressers, ccoleman, cpelland, dajohnso, dmcphers, jeckersb, jialiu, jomara, jrafanie, lmeyer, mastahnke, mmccune, morazi, msuchy, obarenbo, sclewis, security-response-team, tkramer, vanmeeuwen+fedora, vondruch
Keywords: Security
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2014-03-11 04:31:52 UTC
Bug Depends On: 909635, 909636, 909638, 909639, 946623, 949207, 988646, 995667
Bug Blocks: 909634, 1011266

Description
Kurt Seifried
2013-02-10 01:52:58 UTC
Created attachment 696264
2-3-serialize-cve-2013-0277.patch
Created attachment 696265
3-0-serialize-cve-2013-0277.patch
Public via:
https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/KtmwSbEpzrU
http://thread.gmane.org/gmane.comp.security.oss.general/9351

Could you please create tracking bug for Fedora? Thank you.

rubygem-activerecord-3.0.11-6.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.

Created rubygem-activesupport tracking bugs for this issue

Affects: fedora-all [bug 949207]

(In reply to comment #7)
> Could you please create tracking bug for Fedora? Thank you.

Apologies, next time can you mark this as needinfo? Created tracking bug #949207

Comment removed due to typo.

Acknowledgements:

Red Hat would like to thank the Ruby on Rails project for reporting this issue. The Ruby on Rails project acknowledges Tobias Kraze as the original reporter.