RoR: CVE-2013-0155 and CVE-2013-0156 [was Re: ruby and CVE-2012-5664]
Eric
freebsdlists-ruby at chillibear.com
Thu Jan 10 17:36:54 UTC 2013
>> On 01/05/13 20:58, Olli Hauer wrote:
>> It seems there are new releases for ruby because an security issue
>> CVE-2012-5664
>>
> The issue is in Ruby On Rails, not Ruby itself. There's an update to
> Ruby 1.9, but it's not a security issue. I'll see what I can do about
> the Rails update first, then the rest later.
>
> Steve
Following up on the update to Rails, it doesn't look like it's a good new
year for Ruby on Rails:
http://weblog.rubyonrails.org/2013/1/8/Rails-3-2-11-3-1-10-3-0-19-and-2-3-15
-have-been-released/
Two more serious exploits listed:
CVE-2013-0155:
https://groups.google.com/group/rubyonrails-security/browse_thread/thread/b7
5585bae4326af2
CVE-2013-0156
https://groups.google.com/group/rubyonrails-security/browse_thread/thread/eb
56e482f9d21934
More information about the freebsd-ruby
mailing list