Candidate: CVE-2014-7829
PublicDate: 2014-11-18 23:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7829
 https://groups.google.com/forum/message/raw?msg=rubyonrails-security/rMTQy4oRCGk/loS_CRS8mNEJ
Description:
 Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.21, 4.0.x before 4.0.12, 4.1.x before 4.1.8, and 4.2.x before 4.2.0.beta4, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via vectors involving a \ (backslash) character, a similar issue to CVE-2014-7818.
Ubuntu-Description:
Notes:
 seth-arnold> in Oneiric-Saucy, rails package is just for transition
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:

Patches_rails:
upstream_rails: needs-triage
lucid_rails: ignored (reached end-of-life)
precise_rails: not-affected (contains no code)
precise/esm_rails: DNE (precise was not-affected [contains no code])
trusty_rails: not-affected (contains no code)
trusty/esm_rails: DNE (trusty was not-affected [contains no code])
utopic_rails: not-affected (contains no code)
vivid_rails: not-affected (contains no code)
vivid/stable-phone-overlay_rails: DNE
vivid/ubuntu-core_rails: DNE
wily_rails: not-affected (contains no code)
xenial_rails: not-affected (contains no code)
yakkety_rails: not-affected (contains no code)
zesty_rails: not-affected (contains no code)
artful_rails: not-affected (contains no code)
bionic_rails: not-affected (contains no code)
cosmic_rails: not-affected (contains no code)
disco_rails: not-affected (contains no code)
devel_rails: not-affected (contains no code)

Patches_ruby-rails-2.3:
upstream_ruby-rails-2.3: ignored (reached end-of-life)
lucid_ruby-rails-2.3: DNE
precise_ruby-rails-2.3: ignored (reached end-of-life)
precise/esm_ruby-rails-2.3: DNE (precise was needs-triage)
trusty_ruby-rails-2.3: DNE
trusty/esm_ruby-rails-2.3: DNE
utopic_ruby-rails-2.3: DNE
vivid_ruby-rails-2.3: DNE
vivid/stable-phone-overlay_ruby-rails-2.3: DNE
vivid/ubuntu-core_ruby-rails-2.3: DNE
wily_ruby-rails-2.3: DNE
xenial_ruby-rails-2.3: DNE
yakkety_ruby-rails-2.3: DNE
zesty_ruby-rails-2.3: DNE
artful_ruby-rails-2.3: DNE
bionic_ruby-rails-2.3: DNE
cosmic_ruby-rails-2.3: DNE
disco_ruby-rails-2.3: DNE
devel_ruby-rails-2.3: DNE

Patches_ruby-actionpack-2.3:
upstream_ruby-actionpack-2.3: ignored (reached end-of-life)
lucid_ruby-actionpack-2.3: DNE
precise_ruby-actionpack-2.3: ignored (reached end-of-life)
precise/esm_ruby-actionpack-2.3: DNE (precise was needs-triage)
trusty_ruby-actionpack-2.3: DNE
trusty/esm_ruby-actionpack-2.3: DNE
utopic_ruby-actionpack-2.3: DNE
vivid_ruby-actionpack-2.3: DNE
vivid/stable-phone-overlay_ruby-actionpack-2.3: DNE
vivid/ubuntu-core_ruby-actionpack-2.3: DNE
wily_ruby-actionpack-2.3: DNE
xenial_ruby-actionpack-2.3: DNE
yakkety_ruby-actionpack-2.3: DNE
zesty_ruby-actionpack-2.3: DNE
artful_ruby-actionpack-2.3: DNE
bionic_ruby-actionpack-2.3: DNE
cosmic_ruby-actionpack-2.3: DNE
disco_ruby-actionpack-2.3: DNE
devel_ruby-actionpack-2.3: DNE

Patches_ruby-activesupport-2.3:
upstream_ruby-activesupport-2.3: ignored (reached end-of-life)
lucid_ruby-activesupport-2.3: DNE
precise_ruby-activesupport-2.3: ignored (reached end-of-life)
precise/esm_ruby-activesupport-2.3: DNE (precise was needs-triage)
trusty_ruby-activesupport-2.3: DNE
trusty/esm_ruby-activesupport-2.3: DNE
utopic_ruby-activesupport-2.3: DNE
vivid_ruby-activesupport-2.3: DNE
vivid/stable-phone-overlay_ruby-activesupport-2.3: DNE
vivid/ubuntu-core_ruby-activesupport-2.3: DNE
wily_ruby-activesupport-2.3: DNE
xenial_ruby-activesupport-2.3: DNE
yakkety_ruby-activesupport-2.3: DNE
zesty_ruby-activesupport-2.3: DNE
artful_ruby-activesupport-2.3: DNE
bionic_ruby-activesupport-2.3: DNE
cosmic_ruby-activesupport-2.3: DNE
disco_ruby-activesupport-2.3: DNE
devel_ruby-activesupport-2.3: DNE

Patches_ruby-activerecord-2.3:
upstream_ruby-activerecord-2.3: ignored (reached end-of-life)
lucid_ruby-activerecord-2.3: DNE
precise_ruby-activerecord-2.3: ignored (reached end-of-life)
precise/esm_ruby-activerecord-2.3: DNE (precise was needs-triage)
trusty_ruby-activerecord-2.3: DNE
trusty/esm_ruby-activerecord-2.3: DNE
utopic_ruby-activerecord-2.3: DNE
vivid_ruby-activerecord-2.3: DNE
vivid/stable-phone-overlay_ruby-activerecord-2.3: DNE
vivid/ubuntu-core_ruby-activerecord-2.3: DNE
wily_ruby-activerecord-2.3: DNE
xenial_ruby-activerecord-2.3: DNE
yakkety_ruby-activerecord-2.3: DNE
zesty_ruby-activerecord-2.3: DNE
artful_ruby-activerecord-2.3: DNE
bionic_ruby-activerecord-2.3: DNE
cosmic_ruby-activerecord-2.3: DNE
disco_ruby-activerecord-2.3: DNE
devel_ruby-activerecord-2.3: DNE

Patches_ruby-rails-3.2:
upstream_ruby-rails-3.2: needs-triage
lucid_ruby-rails-3.2: DNE
precise_ruby-rails-3.2: DNE
precise/esm_ruby-rails-3.2: DNE
trusty_ruby-rails-3.2: ignored (reached end-of-life)
trusty/esm_ruby-rails-3.2: DNE (trusty was needs-triage)
utopic_ruby-rails-3.2: DNE
vivid_ruby-rails-3.2: DNE
vivid/stable-phone-overlay_ruby-rails-3.2: DNE
vivid/ubuntu-core_ruby-rails-3.2: DNE
wily_ruby-rails-3.2: DNE
xenial_ruby-rails-3.2: DNE
yakkety_ruby-rails-3.2: DNE
zesty_ruby-rails-3.2: DNE
artful_ruby-rails-3.2: DNE
bionic_ruby-rails-3.2: DNE
cosmic_ruby-rails-3.2: DNE
disco_ruby-rails-3.2: DNE
devel_ruby-rails-3.2: DNE

Patches_ruby-actionpack-3.2:
upstream_ruby-actionpack-3.2: needs-triage
lucid_ruby-actionpack-3.2: DNE
precise_ruby-actionpack-3.2: DNE
precise/esm_ruby-actionpack-3.2: DNE
trusty_ruby-actionpack-3.2: ignored (reached end-of-life)
trusty/esm_ruby-actionpack-3.2: DNE (trusty was needed)
utopic_ruby-actionpack-3.2: DNE
vivid_ruby-actionpack-3.2: DNE
vivid/stable-phone-overlay_ruby-actionpack-3.2: DNE
vivid/ubuntu-core_ruby-actionpack-3.2: DNE
wily_ruby-actionpack-3.2: DNE
xenial_ruby-actionpack-3.2: DNE
yakkety_ruby-actionpack-3.2: DNE
zesty_ruby-actionpack-3.2: DNE
artful_ruby-actionpack-3.2: DNE
bionic_ruby-actionpack-3.2: DNE
cosmic_ruby-actionpack-3.2: DNE
disco_ruby-actionpack-3.2: DNE
devel_ruby-actionpack-3.2: DNE

Patches_ruby-activesupport-3.2:
upstream_ruby-activesupport-3.2: needs-triage
lucid_ruby-activesupport-3.2: DNE
precise_ruby-activesupport-3.2: DNE
precise/esm_ruby-activesupport-3.2: DNE
trusty_ruby-activesupport-3.2: not-affected (code not present)
trusty/esm_ruby-activesupport-3.2: DNE (trusty was not-affected [code not present])
utopic_ruby-activesupport-3.2: DNE
vivid_ruby-activesupport-3.2: DNE
vivid/stable-phone-overlay_ruby-activesupport-3.2: DNE
vivid/ubuntu-core_ruby-activesupport-3.2: DNE
wily_ruby-activesupport-3.2: DNE
xenial_ruby-activesupport-3.2: DNE
yakkety_ruby-activesupport-3.2: DNE
zesty_ruby-activesupport-3.2: DNE
artful_ruby-activesupport-3.2: DNE
bionic_ruby-activesupport-3.2: DNE
cosmic_ruby-activesupport-3.2: DNE
disco_ruby-activesupport-3.2: DNE
devel_ruby-activesupport-3.2: DNE

Patches_ruby-activerecord-3.2:
upstream_ruby-activerecord-3.2: needs-triage
lucid_ruby-activerecord-3.2: DNE
precise_ruby-activerecord-3.2: DNE
precise/esm_ruby-activerecord-3.2: DNE
trusty_ruby-activerecord-3.2: not-affected (code not present)
trusty/esm_ruby-activerecord-3.2: DNE (trusty was not-affected [code not present])
utopic_ruby-activerecord-3.2: DNE
vivid_ruby-activerecord-3.2: DNE
vivid/stable-phone-overlay_ruby-activerecord-3.2: DNE
vivid/ubuntu-core_ruby-activerecord-3.2: DNE
wily_ruby-activerecord-3.2: DNE
xenial_ruby-activerecord-3.2: DNE
yakkety_ruby-activerecord-3.2: DNE
zesty_ruby-activerecord-3.2: DNE
artful_ruby-activerecord-3.2: DNE
bionic_ruby-activerecord-3.2: DNE
cosmic_ruby-activerecord-3.2: DNE
disco_ruby-activerecord-3.2: DNE
devel_ruby-activerecord-3.2: DNE

Patches_rails-4.0:
upstream_rails-4.0: released (4.0.12)
lucid_rails-4.0: DNE
precise_rails-4.0: DNE
precise/esm_rails-4.0: DNE
trusty_rails-4.0: ignored (reached end-of-life)
trusty/esm_rails-4.0: DNE (trusty was needed)
utopic_rails-4.0: ignored (reached end-of-life)
vivid_rails-4.0: DNE
vivid/stable-phone-overlay_rails-4.0: DNE
vivid/ubuntu-core_rails-4.0: DNE
wily_rails-4.0: DNE
xenial_rails-4.0: DNE
yakkety_rails-4.0: DNE
zesty_rails-4.0: DNE
artful_rails-4.0: DNE
bionic_rails-4.0: DNE
cosmic_rails-4.0: DNE
disco_rails-4.0: DNE
devel_rails-4.0: DNE

Patches_rails-3.2:
upstream_rails-3.2: released (3.2.21)
lucid_rails-3.2: DNE
precise_rails-3.2: DNE
precise/esm_rails-3.2: DNE
trusty_rails-3.2: DNE
trusty/esm_rails-3.2: DNE
utopic_rails-3.2: ignored (reached end-of-life)
vivid_rails-3.2: DNE
vivid/stable-phone-overlay_rails-3.2: DNE
vivid/ubuntu-core_rails-3.2: DNE
wily_rails-3.2: DNE
xenial_rails-3.2: DNE
yakkety_rails-3.2: DNE
zesty_rails-3.2: DNE
artful_rails-3.2: DNE
bionic_rails-3.2: DNE
cosmic_rails-3.2: DNE
disco_rails-3.2: DNE
devel_rails-3.2: DNE