Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 489212

Summary: <dev-ruby/actionmailer-3.2.15: Format string vulnerabilities (CVE-2013-4389)
Product: Gentoo Security Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE    
Severity: trivial CC: ruby
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: ~3 [cleanup]
Package list:
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2013-10-24 00:17:57 UTC 
CVE-2013-4389 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4389):
  Multiple format string vulnerabilities in log_subscriber.rb files in the log
  subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15
  allow remote attackers to cause a denial of service via a crafted e-mail
  address that is improperly handled during construction of a log message.


Needs cleanup.
Comment 1 Agostino Sarubbo gentoo-dev 2013-10-24 04:50:11 UTC 

*** This bug has been marked as a duplicate of bug 488298 ***