Bug 909072 (CVE-2013-0262) - CVE-2013-0262 rubygem-rack: Path sanitization information disclosure
Summary: CVE-2013-0262 rubygem-rack: Path sanitization information disclosure
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2013-0262
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 909075 909076 909077 909078
Blocks: 909080
Reported: 2013-02-08 07:59 UTC by Kurt Seifried
Modified: 2019-09-29 13:00 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-03-15 04:17:24 UTC
Embargoed:

Links
System                 | ID             | Private | Priority | Status       | Summary                                             | Last Updated
Novell                 | 802795         | 0       | None     | None         | None                                                | Never
Red Hat Product Errata | RHSA-2013:0638 | 0       | normal   | SHIPPED_LIVE | Moderate: Red Hat OpenShift Enterprise 1.1.2 update | 2013-03-12 21:57:36 UTC

Description Kurt Seifried 2013-02-08 07:59:43 UTC
James Tucker (raggi) reports:

CVE: CVE-2013-0262
Software: Rack (rack.github.com)
Type of vulnerability: Information Disclosure
Vulnerable code: https://github.com/rack/rack/blob/master/lib/rack/file.rb#L56
Patch: https://github.com/rack/rack/commit/6f237e4c9fab649d3750482514f0fde76c56ab30
Versions affected: All versions after 1.4.0
Versions fixed: 1.4.5, 1.5.2
Reporter: Ben Murphy

Comment 1 Kurt Seifried 2013-02-08 08:02:12 UTC
Created rubygem-rack tracking bugs for this issue

Affects: fedora-17 [bug 909075]

Comment 2 Kurt Seifried 2013-02-08 08:02:50 UTC
Created rubygem-rack tracking bugs for this issue

Affects: fedora-18 [bug 909076]

Comment 5 errata-xmlrpc 2013-03-12 17:59:26 UTC
This issue has been addressed in the following products:

  RHEL 6 Version of OpenShift Enterprise

Via RHSA-2013:0638 https://rhn.redhat.com/errata/RHSA-2013-0638.html

Comment 6 Fedora Update System 2013-05-07 18:29:13 UTC
rubygem-rack-1.4.0-4.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 7 Fedora Update System 2013-05-07 18:32:53 UTC
rubygem-rack-1.4.0-5.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.
