James Tucker (raggi) reports:

CVE: CVE-2013-0262
Software: Rack (rack.github.com)
Type of vulnerability: Information Disclosure
Vulnerable code: https://github.com/rack/rack/blob/master/lib/rack/file.rb#L56
Patch: https://github.com/rack/rack/commit/6f237e4c9fab649d3750482514f0fde76c56ab30
Versions affected: All versions after 1.4.0
Versions fixed: 1.4.5, 1.5.2
Reporter: Ben Murphy

Created rubygem-rack tracking bugs for this issue
Affects: fedora-17 [bug 909075]

Created rubygem-rack tracking bugs for this issue
Affects: fedora-18 [bug 909076]

This issue has been addressed in the following products:
RHEL 6 Version of OpenShift Enterprise
Via RHSA-2013:0638 https://rhn.redhat.com/errata/RHSA-2013-0638.html

rubygem-rack-1.4.0-4.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
rubygem-rack-1.4.0-5.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.