Candidate: CVE-2012-6109
PublicDate: 2013-03-01 05:40:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6109
Description:
 lib/rack/multipart.rb in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x
 before 1.3.7, and 1.4.x before 1.4.2 uses an incorrect regular expression,
 which allows remote attackers to cause a denial of service (infinite loop)
 via a crafted Content-Disposion header.
Ubuntu-Description:
Notes:
Bugs:
 https://bugzilla.redhat.com/show_bug.cgi?id=895277
Priority: low
Discovered-by:
Assigned-to:
CVSS: 

Patches_ruby-rack:
 upstream: https://github.com/rack/rack/commit/4fc44671b3cad569421f4f8b775c0590b86f575e
upstream_ruby-rack: released (1.4.2)
hardy_ruby-rack: DNE
lucid_ruby-rack: DNE
oneiric_ruby-rack: DNE
precise_ruby-rack: ignored (reached end-of-life)
precise/esm_ruby-rack: DNE (precise was needed)
quantal_ruby-rack: ignored (reached end-of-life)
raring_ruby-rack: ignored (reached end-of-life)
saucy_ruby-rack: released (1.5.2-1)
trusty_ruby-rack: released (1.5.2-1)
trusty/esm_ruby-rack: released (1.5.2-1)
utopic_ruby-rack: released (1.5.2-1)
vivid_ruby-rack: released (1.5.2-1)
vivid/stable-phone-overlay_ruby-rack: DNE
vivid/ubuntu-core_ruby-rack: DNE
wily_ruby-rack: released (1.5.2-1)
xenial_ruby-rack: released (1.5.2-1)
yakkety_ruby-rack: released (1.5.2-1)
zesty_ruby-rack: released (1.5.2-1)
devel_ruby-rack: released (1.5.2-1)