| Summary: | ruby-activerecord new security issue CVE-2014-3483 | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | Pascal Terjan <pterjan> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | | |
| Priority: | Normal | | |
| Version: | 4 | | |
| Target Milestone: | --- | | |
| Hardware: | i586 | | |
| OS: | Linux | | |
| URL: | http://lwn.net/Vulnerabilities/605460/ | | |
| Whiteboard: | | | |
| Source RPM: | ruby-activerecord-4.1.2-1.mga5.src.rpm | CVE: | |
| Status comment: | | | |
| Bug Depends on: | 13339 | | |
| Bug Blocks: | | | |
Description
David Walser
2014-07-02 21:43:31 CEST
David Walser
2014-07-02 21:43:42 CEST
Whiteboard: (none) => MGA4TOO
David Walser
2014-07-02 21:43:52 CEST
Depends on: (none) => 13339

4.1.3 submitted to cauldron.
David Walser
2014-07-02 23:18:37 CEST
Whiteboard: MGA4TOO => (none)

4.0.7 submitted to 4/updates_testing

Thanks Pascal! Unfortunately it was just announced that the CVE fix caused a regression. Patches against 4.0.7 and 4.1.3 are posted here: http://seclists.org/oss-sec/2014/q3/10

Submitted patched versions

Thanks again Pascal! Upstream has released 4.1.4 and 4.0.8 to include the regression fix patches: http://weblog.rubyonrails.org/2014/7/2/Rails_4_0_8_and_4_1_4_have_been_released/ We can go with what you've already built, or you can update it again. I'll leave that up to you. We'll handle the update with QA in Bug 13339. I'll wait until tomorrow to assign to QA.

4.1.4 and 4.0.8 submitted

Thank you so much Pascal! Sorry you had to do it three times :o(

RedHat has issued an advisory for this on July 14: https://rhn.redhat.com/errata/RHSA-2014-0877.html

URL: (none) => http://lwn.net/Vulnerabilities/605460/

Fixed: http://advisories.mageia.org/MGASA-2014-0303.html

Status: NEW => RESOLVED