A flaw that was fixed in 1.4.4, 1.3.9, 1.2.7, and 1.1.5 was also announced [4] that creates a minor denial of service condition, this time in the Rack::Auth::AbstractRequest, where it symbolized arbitrary strings (apparently this has something to do with authentication, but there is no further information provided other than the fix [5] itself, which is noted as "a breaking API change"). [4] https://groups.google.com/forum/#!topic/rack-devel/ImYOqcGiksw/discussion [5] https://github.com/rack/rack/commit/0c76175fcccad74ba2f991c487d3669c28a297c8
Created rubygem-rack tracking bugs for this issue Affects: fedora-all [bug 895285]
Created rubygem-rack tracking bugs for this issue Affects: epel-all [bug 771152]
Kurt, what is this patch about? Where did you got it? It seems to be reverse patch of the last patches in each branch in rack repository.
This [1] is the right fix for 1.4 I would say [1] https://github.com/rack/rack/commit/87df8796a6e4555ec8fd3817c419c6b44b7ca459
To Vit's comment#9, this appears to be the patch for 1.3 https://github.com/rack/rack/commit/89f6fc8ff3c72a8304de4561b36b65ae4cc8e20a
rubygem-rack-1.3.0-3.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
rubygem-rack-1.4.0-4.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
rubygem-rack-1.4.0-3.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in following products: CloudForms for RHEL 6 Via RHSA-2013:0548 https://rhn.redhat.com/errata/RHSA-2013-0548.html
This issue has been addressed in following products: Red Hat Subscription Asset Manager 1.2 Via RHSA-2013:0544 https://rhn.redhat.com/errata/RHSA-2013-0544.html