Bug 7772 - ruby new security issues CVE-2012-4464, CVE-2012-4466, and CVE-2012-4522
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: Cauldron
Hardware: i586 Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Funda Wang
URL: http://lwn.net/Vulnerabilities/519491/
Reported: 2012-10-12 00:00 CEST by David Walser
Modified: 2012-10-23 06:00 CEST
Source RPM: ruby
Description David Walser 2012-10-12 00:00:12 CEST
Ubuntu has issued an advisory today (October 11):
http://www.ubuntu.com/usn/usn-1602-1/

These issues only affect ruby 1.9 (in Cauldron).

There was another Ubuntu advisory for ruby 1.8, reported in Bug 7769.

For ruby 1.9, Ubuntu added a patch from upstream to fix these issues.

The patch, debian/patches/CVE-2012-4464_CVE-2012-4466.patch, is in here:
https://launchpad.net/ubuntu/+archive/primary/+files/ruby1.9.1_1.9.3.0-1ubuntu2.3.debian.tar.gz
David Walser 2012-10-12 00:00:24 CEST

CC: (none) => shlomif

Comment 1 David Walser 2012-10-23 05:35:39 CEST
There's also CVE-2012-4522, fixed upstream in 1.9.3p286:
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090515.html

from http://lwn.net/Vulnerabilities/520751/
David Walser 2012-10-23 05:36:13 CEST

Summary: ruby new security issues CVE-2012-4464 and CVE-2012-4466 => ruby new security issues CVE-2012-4464, CVE-2012-4466, and CVE-2012-4522

Comment 2 Funda Wang 2012-10-23 06:00:36 CEST
Already pushed into core/updates_testing.

Status: NEW => RESOLVED
Resolution: (none) => FIXED
