Bug 7772

Summary: ruby new security issues CVE-2012-4464, CVE-2012-4466, and CVE-2012-4522
Product: Mageia
Reporter: David Walser <luigiwalser>
Component: Security
Assignee: Funda Wang <fundawang>
Status: RESOLVED FIXED
QA Contact:
Severity: normal
Priority: Normal
CC: shlomif
Version: Cauldron   
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/519491/
Whiteboard:
Source RPM: ruby
CVE:
Status comment:

Description David Walser 2012-10-12 00:00:12 CEST
Ubuntu has issued an advisory today (October 11):
http://www.ubuntu.com/usn/usn-1602-1/

These issues only affect ruby 1.9 (in Cauldron).

There was another Ubuntu advisory for ruby 1.8, reported in Bug 7769.

For ruby 1.9, Ubuntu added a patch from upstream to fix these issues.

The patch, debian/patches/CVE-2012-4464_CVE-2012-4466.patch, is in here:
https://launchpad.net/ubuntu/+archive/primary/+files/ruby1.9.1_1.9.3.0-1ubuntu2.3.debian.tar.gz
David Walser 2012-10-12 00:00:24 CEST

CC: (none) => shlomif

Comment 1 David Walser 2012-10-23 05:35:39 CEST
There's also CVE-2012-4522, fixed upstream in 1.9.3p286:
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090515.html

from http://lwn.net/Vulnerabilities/520751/
David Walser 2012-10-23 05:36:13 CEST

Summary: ruby new security issues CVE-2012-4464 and CVE-2012-4466 => ruby new security issues CVE-2012-4464, CVE-2012-4466, and CVE-2012-4522

Comment 2 Funda Wang 2012-10-23 06:00:36 CEST
Already pushed into core/updates_testing.

Status: NEW => RESOLVED
Resolution: (none) => FIXED