Site Navigation:
security rubygems-2.0.10-106.fc19 security update
Status:stable
Release: Fedora 19
Update ID: FEDORA-2013-17662
Builds: rubygems-2.0.10-106.fc19 (logs)
Pushed: True
Date Submitted: 2013-09-25 01:07:51
Date Released: 2013-09-26 04:50:37
Submitter: mtasaka
Karma: 2
Stable karma: 3
Unstable karma: -30
Details

Previously a security flow was found on rubygems for validating versions with a regular expression which is vulnerable to denial of service due to backtracking. Although this was thought to be fixed in the previous rubygems, the fix was found imcomplete and the imcompleteness is now assigned as CVE-2013-4363.

A packaging bug was found that a directory was not properly owned.

This new rpm will fix this issue.

Bugs Fixed
1008866 - /usr/share/gems/doc ownership
Feedback
bodhi - 2013-09-25 01:07:59
This update has been submitted for testing by mtasaka.
bodhi - 2013-09-25 15:24:48
This update is currently being pushed to the Fedora 19 testing updates repository.
bodhi - 2013-09-26 06:27:11
This update has been pushed to testing
jvcelak - 2013-09-27 09:09:16
1008866 is fixed.
besser82 - 2013-09-28 18:49:34
LGTM :)
bodhi - 2013-10-03 07:38:48
This update has been submitted for stable by mtasaka.
bodhi - 2013-10-03 17:46:12
This update is currently being pushed to the Fedora 19 stable updates repository.
bodhi - 2013-10-04 02:00:59
This update has been pushed to stable

Add a comment

Tip: Login to impact how quickly this update gets pushed or unpushed.
obfuscated letters