Candidate: CVE-2013-1802
PublicDate: 2013-04-09 20:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1802
Description:
 The extlib gem 0.9.15 and earlier for Ruby does not properly restrict
 casts of string values, which might allow remote attackers to conduct
 object-injection attacks and execute arbitrary code, or cause a denial of
 service (memory and CPU consumption) by leveraging Action Pack support for
 (1) YAML type conversion or (2) Symbol type conversion, a similar
 vulnerability to CVE-2013-0156.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697895
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_ruby-extlib:
 upstream: https://github.com/datamapper/extlib/commit/4540e7102b803624cc2eade4bb8aaaa
 upstream: https://github.com/datamapper/extlib/commit/633974b2759d9b924657f3888473d5f
upstream_ruby-extlib: released (0.9.15-3)
hardy_ruby-extlib: DNE
lucid_ruby-extlib: DNE
oneiric_ruby-extlib: DNE
precise_ruby-extlib: DNE
precise/esm_ruby-extlib: DNE
quantal_ruby-extlib: ignored (reached end-of-life)
raring_ruby-extlib: not-affected (0.9.15-3)
saucy_ruby-extlib: not-affected (0.9.15-3)
trusty_ruby-extlib: not-affected (0.9.15-3)
trusty/esm_ruby-extlib: DNE (trusty was not-affected [0.9.15-3])
utopic_ruby-extlib: not-affected (0.9.15-3)
vivid_ruby-extlib: not-affected (0.9.15-3)
vivid/stable-phone-overlay_ruby-extlib: DNE
vivid/ubuntu-core_ruby-extlib: DNE
wily_ruby-extlib: not-affected (0.9.15-3)
xenial_ruby-extlib: not-affected (0.9.15-3)
yakkety_ruby-extlib: not-affected (0.9.15-3)
zesty_ruby-extlib: not-affected (0.9.15-3)
devel_ruby-extlib: not-affected (0.9.15-3)

Patches_libextlib-ruby:
upstream_libextlib-ruby: released (0.9.15-3)
hardy_libextlib-ruby: DNE
lucid_libextlib-ruby: ignored (reached end-of-life)
oneiric_libextlib-ruby: ignored (reached end-of-life)
precise_libextlib-ruby: ignored (reached end-of-life)
precise/esm_libextlib-ruby: DNE (precise was needed)
quantal_libextlib-ruby: DNE
raring_libextlib-ruby: DNE
saucy_libextlib-ruby: DNE
trusty_libextlib-ruby: DNE
trusty/esm_libextlib-ruby: DNE
utopic_libextlib-ruby: DNE
vivid_libextlib-ruby: DNE
vivid/stable-phone-overlay_libextlib-ruby: DNE
vivid/ubuntu-core_libextlib-ruby: DNE
wily_libextlib-ruby: DNE
xenial_libextlib-ruby: DNE
yakkety_libextlib-ruby: DNE
zesty_libextlib-ruby: DNE
devel_libextlib-ruby: DNE