FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Ruby Rack Gem -- Multiple Issues

Affected packages
rubygem18-rack < 1.4.5
rubygem19-rack < 1.4.5

Details

VuXML ID fcfdabb7-f14d-4e61-a7d5-cfefb4b99b15
Discovery 2013-02-08
Entry 2013-02-17

Rack developers report:

Today we are proud to announce the release of Rack 1.4.5.

Fix CVE-2013-0263, timing attack against Rack::Session::Cookie

Fix CVE-2013-0262, symlink path traversal in Rack::File

[source]

References

CVE Name CVE-2013-0262
CVE Name CVE-2013-0263

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.