rubygems-2.0.10-106.fc20 security update
|Date Submitted:||2013-09-25 01:07:25|
|Date Released:||2013-09-26 04:48:35|
Previously a security flow was found on rubygems for validating versions with a regular expression which is vulnerable to denial of service due to backtracking. Although this was thought to be fixed in the previous rubygems, the fix was found imcomplete and the imcompleteness is now assigned as CVE-2013-4363.
A packaging bug was found that a directory was not properly owned.
This new rpm will fix this issue.Bugs Fixed1008866 - /usr/share/gems/doc ownershipbodhi - 2013-09-25 01:07:41This update has been submitted for testing by mtasaka.
bodhi - 2013-09-25 15:24:36This update is currently being pushed to the Fedora 20 testing updates repository.
bodhi - 2013-09-26 06:03:58This update has been pushed to testing
besser82 - 2013-09-28 12:31:36LGTM :)
bodhi - 2013-09-30 09:09:17This update has been submitted for stable by mtasaka.
bodhi - 2013-09-30 17:26:12This update is currently being pushed to the Fedora 20 stable updates repository.
bodhi - 2013-10-01 02:11:24This update has been pushed to stable