CVE-2013-4389

Published: 17 October 2013

Multiple format string vulnerabilities in log_subscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly handled during construction of a log message.

Notes

Author       Note
mdeslaur     in Oneiric+, rails package is just for transition
seth-arnold  Only 3.x.x is affected; earlier and 4.0.x are safe
             The patch standardizes some log handling across multiple packages,
             but the security fix looks restricted to just one line in action mailer:
             info("\nSent mail to #{recipients} ...
             the other packages can be left alone.
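The pattern the description and the note above refer to, shown beside a hardened form, as an added example that is not the original Rails code or the upstream patch. The sample addresses, the `(%1.fms)` tail of the format string and the `deliver_and_log` stand-in for the log subscriber are assumptions for illustration.

```ruby
require 'logger'

# Constructed sample recipients (not taken from the advisory).
SAFE_RECIPIENT    = "alice@example.com"
CRAFTED_RECIPIENT = "bob%s%s%s@example.com"  # carries printf-style directives

# Vulnerable pattern (assumed to mirror the pre-3.2.15 log subscriber): the
# recipient list is interpolated into the string *before* String#% runs, so
# any directives inside an address are parsed as part of the format string.
def vulnerable_log_line(recipients, duration_ms)
  "\nSent mail to #{recipients} (%1.fms)" % duration_ms
end

# Hardened form: the number is formatted on its own and the recipient text is
# only ever interpolated as data, never handed to a format parser.
def hardened_log_line(recipients, duration_ms)
  "\nSent mail to #{recipients} (#{format('%.1f', duration_ms)}ms)"
end

# Hypothetical stand-in for the subscriber: build the line, log it, and report
# whether the delivery survived. Under the vulnerable pattern a crafted address
# raises ArgumentError, which is the denial of service the CVE describes.
def deliver_and_log(recipients, duration_ms, vulnerable: false,
                    logger: Logger.new(IO::NULL))
  line = if vulnerable
           vulnerable_log_line(recipients, duration_ms)
         else
           hardened_log_line(recipients, duration_ms)
         end
  logger.info(line)
  { ok: true, line: line }
rescue ArgumentError => e
  { ok: false, error: e.message }
end

# Regression check a maintainer can keep next to the log subscriber: every
# address must yield a log line, whatever characters it contains.
def log_line_regression_passes?
  [SAFE_RECIPIENT, CRAFTED_RECIPIENT, "eve%@example.com"].all? do |addr|
    deliver_and_log(addr, 12.3)[:ok]
  end
end

if $PROGRAM_NAME == __FILE__
  p deliver_and_log(CRAFTED_RECIPIENT, 12.3, vulnerable: true)
  p deliver_and_log(CRAFTED_RECIPIENT, 12.3)
end
```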

Priority

Medium

Status

Package: rails (Launchpad, Ubuntu, Debian)
  lucid     Not vulnerable
  precise   Not vulnerable (contains no code)
  quantal   Not vulnerable (contains no code)
  raring    Not vulnerable (contains no code)
  saucy     Not vulnerable (contains no code)
  trusty    Does not exist (trusty was not-affected [contains no code])
  upstream  Released (3.2.15, 4.0.0)

Package: rails-4.0 (Launchpad, Ubuntu, Debian)
  lucid     Does not exist
  precise   Does not exist
  quantal   Does not exist
  raring    Does not exist
  saucy     Does not exist
  trusty    Does not exist (trusty was not-affected)
  upstream  Not vulnerable

Package: ruby-actionmailer-2.3 (Launchpad, Ubuntu, Debian)
  lucid     Does not exist
  precise   Not vulnerable
  quantal   Not vulnerable
  raring    Not vulnerable
  saucy     Not vulnerable
  trusty    Does not exist
  upstream  Not vulnerable

Package: ruby-actionmailer-3.2 (Launchpad, Ubuntu, Debian)
  lucid     Does not exist
  precise   Does not exist
  quantal   Ignored (end of life)
  raring    Ignored (end of life)
  saucy     Ignored (end of life)
  trusty    Does not exist (trusty was not-affected [3.2.16-1])
  upstream  Released (3.2.15)
  Patches:
    upstream: https://groups.google.com/forum/message/raw?msg=ruby-security-ann/yvlR1Vx44c8/elKJkpO2KVgJ

Package: ruby-actionpack-2.3 (Launchpad, Ubuntu, Debian)
  lucid     Does not exist
  precise   Not vulnerable
  quantal   Not vulnerable
  raring    Not vulnerable
  saucy     Not vulnerable
  trusty    Does not exist
  upstream  Ignored (end of life)

Package: ruby-actionpack-3.2 (Launchpad, Ubuntu, Debian)
  lucid     Does not exist
  precise   Does not exist
  quantal   Not vulnerable
  raring    Not vulnerable
  saucy     Not vulnerable
  trusty    Does not exist (trusty was not-affected)
  upstream  Not vulnerable

Package: ruby-activerecord-2.3 (Launchpad, Ubuntu, Debian)
  lucid     Does not exist
  precise   Not vulnerable
  quantal   Not vulnerable
  raring    Not vulnerable
  saucy     Not vulnerable
  trusty    Does not exist
  upstream  Ignored (end of life)

Package: ruby-activerecord-3.2 (Launchpad, Ubuntu, Debian)
  lucid     Does not exist
  precise   Does not exist
  quantal   Not vulnerable
  raring    Not vulnerable
  saucy     Not vulnerable
  trusty    Does not exist (trusty was not-affected)
  upstream  Not vulnerable

Package: ruby-activesupport-2.3 (Launchpad, Ubuntu, Debian)
  lucid     Does not exist
  precise   Not vulnerable
  quantal   Not vulnerable
  raring    Not vulnerable
  saucy     Not vulnerable
  trusty    Does not exist
  upstream  Ignored (end of life)

Package: ruby-activesupport-3.2 (Launchpad, Ubuntu, Debian)
  lucid     Does not exist
  precise   Does not exist
  quantal   Not vulnerable
  raring    Not vulnerable
  saucy     Not vulnerable
  trusty    Does not exist (trusty was not-affected)
  upstream  Not vulnerable

Package: ruby-rails-2.3 (Launchpad, Ubuntu, Debian)
  lucid     Does not exist
  precise   Not vulnerable
  quantal   Not vulnerable
  raring    Not vulnerable
  saucy     Not vulnerable
  trusty    Does not exist
  upstream  Ignored (end of life)

Package: ruby-rails-3.2 (Launchpad, Ubuntu, Debian)
  lucid     Does not exist
  precise   Does not exist
  quantal   Not vulnerable
  raring    Not vulnerable
  saucy     Not vulnerable
  trusty    Does not exist (trusty was not-affected)
  upstream  Not vulnerable