Candidate: CVE-2009-3086
PublicDate: 2009-09-08 18:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3086
Description:
 A certain algorithm in Ruby on Rails 2.1.0 through 2.2.2, and 2.3.x before
 2.3.4, leaks information about the complexity of message-digest signature
 verification in the cookie store, which might allow remote attackers to
 forge a digest via multiple attempts.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS: 

Patches_rails:
upstream_rails: released (2.2.3)
dapper_rails: not-affected
hardy_rails: not-affected
intrepid_rails: needed (reached end-of-life)
jaunty_rails: ignored (reached end-of-life)
karmic_rails: not-affected (2.2.3-1)
lucid_rails: not-affected (2.2.3-1)
maverick_rails: not-affected (2.2.3-1)
devel_rails: not-affected (2.2.3-1)