Candidate: CVE-2013-0334
PublicDate: 2014-10-31 14:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0334
Description:
 Bundler before 1.7, when multiple top-level source lines are used, allows
 remote attackers to install arbitrary gems by creating a gem with the same
 name as another gem in a different source.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_bundler:
upstream_bundler: released (1.7.2-1)
lucid_bundler: DNE
precise_bundler: DNE
precise/esm_bundler: DNE
trusty_bundler: ignored (reached end-of-life)
trusty/esm_bundler: DNE (trusty was needed)
utopic_bundler: ignored (reached end-of-life)
vivid_bundler: not-affected (1.7.4-1)
vivid/stable-phone-overlay_bundler: DNE
vivid/ubuntu-core_bundler: DNE
wily_bundler: not-affected (1.10.6-1)
xenial_bundler: not-affected (1.10.6-2)
yakkety_bundler: not-affected (1.10.6-2)
zesty_bundler: not-affected (1.10.6-2)
artful_bundler: not-affected (1.10.6-2)
bionic_bundler: not-affected (1.10.6-2)
cosmic_bundler: not-affected (1.10.6-2)
disco_bundler: not-affected (1.10.6-2)
devel_bundler: not-affected (1.10.6-2)