
[SECURITY] [DLA 215-1] libjson-ruby security update

Description

Package : libjson-ruby
Version : 1.1.9-1+deb6u1
CVE ID  : CVE-2013-0269

The JSON gem for Ruby allowed remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as demonstrated by conducting a SQL injection attack against Ruby on Rails, aka "Unsafe Object Creation Vulnerability."

For Debian 6 “Squeeze”, this issue has been fixed in libjson-ruby version 1.1.9-1+deb6u1.

--
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/


Affected Package


OS      OS Version  Package Name        Package Version
Debian  6           ruby1.9.1           1.9.2.0-2+deb6u5
Debian  6           libruby1.9.1-dbg    1.9.2.0-2+deb6u5
Debian  6           libruby1.9.1        1.9.2.0-2+deb6u5
Debian  6           libtcltk-ruby1.9.1  1.9.2.0-2+deb6u5
Debian  6           edit-json           1.1.9-1+deb6u1
Debian  6           libjson-ruby        1.1.9-1+deb6u1
Debian  6           libjson-ruby-doc    1.1.9-1+deb6u1
Debian  6           ruby1.9.1-elisp     1.9.2.0-2+deb6u5
Debian  6           ruby1.9.1-dev       1.9.2.0-2+deb6u5
Debian  6           ruby1.9.1-full      1.9.2.0-2+deb6u5
Debian  6           ruby1.9.1-examples  1.9.2.0-2+deb6u5
Debian  6           ri1.9.1             1.9.2.0-2+deb6u5
Debian  6           libjson-ruby1.8     1.1.9-1+deb6u1
