+++ This bug was initially created as a clone of Bug #10890 +++ Fedora has issued an advisory on July 20: https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112716.html The issue is fixed upstream in 4.0.8. While this issue is similar to CVE-2013-2119, it sounds like the version in Mageia 2 (2.2.x) is probably affected this time as well. Fedora has a patch for 3.0.21. Update: Mageia 2 is vulnerable, but I don't see any patches out there for rubygem-passenger 2.2.x. I'll open this bug report for Mageia 2, and if a patch turns up for it later, use this for a Mageia 2 update. Otherwise it'll stay open until Mageia 2 EOL.
Assignee: bugsquad => fundawang
Closing this now due to Mageia 2 EOL. http://blog.mageia.org/en/2013/11/21/farewell-mageia-2/
Status: NEW => RESOLVEDResolution: (none) => OLD