Tasha Drew reports:

Researchers investigating the Rails parameter parsing vulnerability discovered that the same or similar vulnerable code had made its way into multiple other libraries. If your application uses these libraries to process untrusted data, it may still be vulnerable even if you have upgraded Rails. Check your Gemfile and Gemfile.lock for vulnerable versions of the following libraries, and if you are using one, update it immediately. You can update each of these by using "bundle update <gem name>".

Vulnerable: <= 0.3.1
Fixed in: 0.3.2

Upstream fix:
https://github.com/jnunemaker/crack/commit/e3da1212a1f84a898ee3601336d1dbbf118fb5f6

References:
https://support.cloud.engineyard.com/entries/22915701-january-14-2013-security-vulnerabilities-httparty-extlib-crack-nori-update-these-gems-immediately
https://rubygems.org/gems/crack/
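
The Gemfile.lock check described in the report, as an added example that is not part of the original report or of the crack project: it flags a locked crack version below the fixed 0.3.2. The names FIXED_IN, SPEC_LINE, SAMPLE_LOCK and vulnerable_gems, and the gem example_client, are constructed for this illustration.

```ruby
require "rubygems" # Gem::Version gives correct ordering (0.3.10 > 0.3.2)

# Fixed version taken from the advisory above; only crack is listed there.
FIXED_IN = { "crack" => Gem::Version.new("0.3.2") }.freeze

# Resolved gems sit at exactly four spaces of indent under "specs:".
# Dependency constraints are indented six spaces and must not be matched,
# otherwise "crack (>= 0.1.7)" would be mistaken for a locked version.
SPEC_LINE = /\A {4}(\S+) \(([^)\s]+)\)\s*\z/

# Returns [[name, locked_version, fixed_version], ...] for vulnerable entries.
def vulnerable_gems(lockfile_text)
  lockfile_text.each_line.filter_map do |line|
    name, raw = line.chomp.match(SPEC_LINE)&.captures
    fixed = FIXED_IN[name]
    next unless fixed
    # Drop a platform suffix such as "-java" before comparing.
    locked = Gem::Version.new(raw.split("-").first)
    [name, locked.to_s, fixed.to_s] if locked < fixed
  end
end

# Constructed sample lockfile (example_client is a made-up gem).
SAMPLE_LOCK = <<LOCK
GEM
  remote: https://rubygems.org/
  specs:
    crack (0.3.1)
    example_client (1.0.0)
      crack (>= 0.1.7)

DEPENDENCIES
  example_client
LOCK

if $PROGRAM_NAME == __FILE__
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCK
  vulnerable_gems(text).each do |name, locked, fixed|
    puts "#{name} #{locked} is vulnerable; run: bundle update #{name} (fixed in #{fixed})"
  end
end
```

Pass the path to a real Gemfile.lock as the first argument; with no argument the constructed sample is scanned.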

Created rubygem-crack tracking bugs for this issue
Affects: epel-all [bug 917237]

Created rubygem-crack tracking bugs for this issue
Affects: fedora-all [bug 917238]

Statement removed due to typo.