~ubuntu-security/ubuntu-cve-tracker/master

Viewing changes to active/CVE-2014-7829

  • Committer: Steve Beattie
  • Date: 2019-02-19 06:18:27 UTC
  • Revision ID: sbeattie@ubuntu.com-20190219061827-oh57fzcfc1u9dlfk
The ubuntu-cve-tracker project has been converted to git.

Please use 'git clone https://git.launchpad.net/ubuntu-cve-tracker' to
get the converted tree.

1
 
Candidate: CVE-2014-7829
2
 
PublicDate: 2014-11-18
3
 
References:
4
 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7829
5
 
 https://groups.google.com/forum/message/raw?msg=rubyonrails-security/rMTQy4oRCGk/loS_CRS8mNEJ
6
 
Description:
7
 
 Directory traversal vulnerability in
8
 
 actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby
9
 
 on Rails 3.x before 3.2.21, 4.0.x before 4.0.12, 4.1.x before 4.1.8, and
10
 
 4.2.x before 4.2.0.beta4, when serve_static_assets is enabled, allows
11
 
 remote attackers to determine the existence of files outside the
12
 
 application root via vectors involving a \ (backslash) character, a similar
13
 
 issue to CVE-2014-7818.
14
 
Ubuntu-Description:
15
 
Notes:
16
 
 sarnold> in Oneiric-Saucy, rails package is just for transition
17
 
Bugs:
18
 
Priority: low
19
 
Discovered-by:
20
 
Assigned-to:
21
 
 
22
 
Patches_rails:
23
 
upstream_rails: needs-triage
24
 
lucid_rails: ignored (reached end-of-life)
25
 
precise_rails: not-affected (contains no code)
26
 
precise/esm_rails: DNE (precise was not-affected [contains no code])
27
 
trusty_rails: not-affected (contains no code)
28
 
utopic_rails: not-affected (contains no code)
29
 
vivid_rails: not-affected (contains no code)
30
 
vivid/stable-phone-overlay_rails: DNE
31
 
vivid/ubuntu-core_rails: DNE
32
 
wily_rails: not-affected (contains no code)
33
 
xenial_rails: not-affected (contains no code)
34
 
yakkety_rails: not-affected (contains no code)
35
 
zesty_rails: not-affected (contains no code)
36
 
artful_rails: not-affected (contains no code)
37
 
bionic_rails: not-affected (contains no code)
38
 
devel_rails: not-affected (contains no code)
39
 
 
40
 
Patches_ruby-rails-2.3:
41
 
upstream_ruby-rails-2.3: ignored (reached end-of-life)
42
 
lucid_ruby-rails-2.3: DNE
43
 
precise_ruby-rails-2.3: ignored (reached end-of-life)
44
 
precise/esm_ruby-rails-2.3: DNE (precise was needs-triage)
45
 
trusty_ruby-rails-2.3: DNE
46
 
utopic_ruby-rails-2.3: DNE
47
 
vivid_ruby-rails-2.3: DNE
48
 
vivid/stable-phone-overlay_ruby-rails-2.3: DNE
49
 
vivid/ubuntu-core_ruby-rails-2.3: DNE
50
 
wily_ruby-rails-2.3: DNE
51
 
xenial_ruby-rails-2.3: DNE
52
 
yakkety_ruby-rails-2.3: DNE
53
 
zesty_ruby-rails-2.3: DNE
54
 
artful_ruby-rails-2.3: DNE
55
 
bionic_ruby-rails-2.3: DNE
56
 
devel_ruby-rails-2.3: DNE
57
 
 
58
 
Patches_ruby-actionpack-2.3:
59
 
upstream_ruby-actionpack-2.3: ignored (reached end-of-life)
60
 
lucid_ruby-actionpack-2.3: DNE
61
 
precise_ruby-actionpack-2.3: ignored (reached end-of-life)
62
 
precise/esm_ruby-actionpack-2.3: DNE (precise was needs-triage)
63
 
trusty_ruby-actionpack-2.3: DNE
64
 
utopic_ruby-actionpack-2.3: DNE
65
 
vivid_ruby-actionpack-2.3: DNE
66
 
vivid/stable-phone-overlay_ruby-actionpack-2.3: DNE
67
 
vivid/ubuntu-core_ruby-actionpack-2.3: DNE
68
 
wily_ruby-actionpack-2.3: DNE
69
 
xenial_ruby-actionpack-2.3: DNE
70
 
yakkety_ruby-actionpack-2.3: DNE
71
 
zesty_ruby-actionpack-2.3: DNE
72
 
artful_ruby-actionpack-2.3: DNE
73
 
bionic_ruby-actionpack-2.3: DNE
74
 
devel_ruby-actionpack-2.3: DNE
75
 
 
76
 
Patches_ruby-activesupport-2.3:
77
 
upstream_ruby-activesupport-2.3: ignored (reached end-of-life)
78
 
lucid_ruby-activesupport-2.3: DNE
79
 
precise_ruby-activesupport-2.3: ignored (reached end-of-life)
80
 
precise/esm_ruby-activesupport-2.3: DNE (precise was needs-triage)
81
 
trusty_ruby-activesupport-2.3: DNE
82
 
utopic_ruby-activesupport-2.3: DNE
83
 
vivid_ruby-activesupport-2.3: DNE
84
 
vivid/stable-phone-overlay_ruby-activesupport-2.3: DNE
85
 
vivid/ubuntu-core_ruby-activesupport-2.3: DNE
86
 
wily_ruby-activesupport-2.3: DNE
87
 
xenial_ruby-activesupport-2.3: DNE
88
 
yakkety_ruby-activesupport-2.3: DNE
89
 
zesty_ruby-activesupport-2.3: DNE
90
 
artful_ruby-activesupport-2.3: DNE
91
 
bionic_ruby-activesupport-2.3: DNE
92
 
devel_ruby-activesupport-2.3: DNE
93
 
 
94
 
Patches_ruby-activerecord-2.3:
95
 
upstream_ruby-activerecord-2.3: ignored (reached end-of-life)
96
 
lucid_ruby-activerecord-2.3: DNE
97
 
precise_ruby-activerecord-2.3: ignored (reached end-of-life)
98
 
precise/esm_ruby-activerecord-2.3: DNE (precise was needs-triage)
99
 
trusty_ruby-activerecord-2.3: DNE
100
 
utopic_ruby-activerecord-2.3: DNE
101
 
vivid_ruby-activerecord-2.3: DNE
102
 
vivid/stable-phone-overlay_ruby-activerecord-2.3: DNE
103
 
vivid/ubuntu-core_ruby-activerecord-2.3: DNE
104
 
wily_ruby-activerecord-2.3: DNE
105
 
xenial_ruby-activerecord-2.3: DNE
106
 
yakkety_ruby-activerecord-2.3: DNE
107
 
zesty_ruby-activerecord-2.3: DNE
108
 
artful_ruby-activerecord-2.3: DNE
109
 
bionic_ruby-activerecord-2.3: DNE
110
 
devel_ruby-activerecord-2.3: DNE
111
 
 
112
 
Patches_ruby-rails-3.2:
113
 
upstream_ruby-rails-3.2: needs-triage
114
 
lucid_ruby-rails-3.2: DNE
115
 
precise_ruby-rails-3.2: DNE
116
 
precise/esm_ruby-rails-3.2: DNE
117
 
trusty_ruby-rails-3.2: needs-triage
118
 
utopic_ruby-rails-3.2: DNE
119
 
vivid_ruby-rails-3.2: DNE
120
 
vivid/stable-phone-overlay_ruby-rails-3.2: DNE
121
 
vivid/ubuntu-core_ruby-rails-3.2: DNE
122
 
wily_ruby-rails-3.2: DNE
123
 
xenial_ruby-rails-3.2: DNE
124
 
yakkety_ruby-rails-3.2: DNE
125
 
zesty_ruby-rails-3.2: DNE
126
 
artful_ruby-rails-3.2: DNE
127
 
bionic_ruby-rails-3.2: DNE
128
 
devel_ruby-rails-3.2: DNE
129
 
 
130
 
Patches_ruby-actionpack-3.2:
131
 
upstream_ruby-actionpack-3.2: needs-triage
132
 
lucid_ruby-actionpack-3.2: DNE
133
 
precise_ruby-actionpack-3.2: DNE
134
 
precise/esm_ruby-actionpack-3.2: DNE
135
 
trusty_ruby-actionpack-3.2: needs-triage
136
 
utopic_ruby-actionpack-3.2: DNE
137
 
vivid_ruby-actionpack-3.2: DNE
138
 
vivid/stable-phone-overlay_ruby-actionpack-3.2: DNE
139
 
vivid/ubuntu-core_ruby-actionpack-3.2: DNE
140
 
wily_ruby-actionpack-3.2: DNE
141
 
xenial_ruby-actionpack-3.2: DNE
142
 
yakkety_ruby-actionpack-3.2: DNE
143
 
zesty_ruby-actionpack-3.2: DNE
144
 
artful_ruby-actionpack-3.2: DNE
145
 
bionic_ruby-actionpack-3.2: DNE
146
 
devel_ruby-actionpack-3.2: DNE
147
 
 
148
 
Patches_ruby-activesupport-3.2:
149
 
upstream_ruby-activesupport-3.2: needs-triage
150
 
lucid_ruby-activesupport-3.2: DNE
151
 
precise_ruby-activesupport-3.2: DNE
152
 
precise/esm_ruby-activesupport-3.2: DNE
153
 
trusty_ruby-activesupport-3.2: needs-triage
154
 
utopic_ruby-activesupport-3.2: DNE
155
 
vivid_ruby-activesupport-3.2: DNE
156
 
vivid/stable-phone-overlay_ruby-activesupport-3.2: DNE
157
 
vivid/ubuntu-core_ruby-activesupport-3.2: DNE
158
 
wily_ruby-activesupport-3.2: DNE
159
 
xenial_ruby-activesupport-3.2: DNE
160
 
yakkety_ruby-activesupport-3.2: DNE
161
 
zesty_ruby-activesupport-3.2: DNE
162
 
artful_ruby-activesupport-3.2: DNE
163
 
bionic_ruby-activesupport-3.2: DNE
164
 
devel_ruby-activesupport-3.2: DNE
165
 
 
166
 
Patches_ruby-activerecord-3.2:
167
 
upstream_ruby-activerecord-3.2: needs-triage
168
 
lucid_ruby-activerecord-3.2: DNE
169
 
precise_ruby-activerecord-3.2: DNE
170
 
precise/esm_ruby-activerecord-3.2: DNE
171
 
trusty_ruby-activerecord-3.2: needs-triage
172
 
utopic_ruby-activerecord-3.2: DNE
173
 
vivid_ruby-activerecord-3.2: DNE
174
 
vivid/stable-phone-overlay_ruby-activerecord-3.2: DNE
175
 
vivid/ubuntu-core_ruby-activerecord-3.2: DNE
176
 
wily_ruby-activerecord-3.2: DNE
177
 
xenial_ruby-activerecord-3.2: DNE
178
 
yakkety_ruby-activerecord-3.2: DNE
179
 
zesty_ruby-activerecord-3.2: DNE
180
 
artful_ruby-activerecord-3.2: DNE
181
 
bionic_ruby-activerecord-3.2: DNE
182
 
devel_ruby-activerecord-3.2: DNE
183
 
 
184
 
Patches_rails-4.0:
185
 
upstream_rails-4.0: released (4.0.12)
186
 
lucid_rails-4.0: DNE
187
 
precise_rails-4.0: DNE
188
 
precise/esm_rails-4.0: DNE
189
 
trusty_rails-4.0: needed
190
 
utopic_rails-4.0: ignored (reached end-of-life)
191
 
vivid_rails-4.0: DNE
192
 
vivid/stable-phone-overlay_rails-4.0: DNE
193
 
vivid/ubuntu-core_rails-4.0: DNE
194
 
wily_rails-4.0: DNE
195
 
xenial_rails-4.0: DNE
196
 
yakkety_rails-4.0: DNE
197
 
zesty_rails-4.0: DNE
198
 
artful_rails-4.0: DNE
199
 
bionic_rails-4.0: DNE
200
 
devel_rails-4.0: DNE
201
 
 
202
 
Patches_rails-3.2:
203
 
upstream_rails-3.2: released (3.2.21)
204
 
lucid_rails-3.2: DNE
205
 
precise_rails-3.2: DNE
206
 
precise/esm_rails-3.2: DNE
207
 
trusty_rails-3.2: DNE
208
 
utopic_rails-3.2: ignored (reached end-of-life)
209
 
vivid_rails-3.2: DNE
210
 
vivid/stable-phone-overlay_rails-3.2: DNE
211
 
vivid/ubuntu-core_rails-3.2: DNE
212
 
wily_rails-3.2: DNE
213
 
xenial_rails-3.2: DNE
214
 
yakkety_rails-3.2: DNE
215
 
zesty_rails-3.2: DNE
216
 
artful_rails-3.2: DNE
217
 
bionic_rails-3.2: DNE
218
 
devel_rails-3.2: DNE
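
Review bot: The upstream_ruby-rails-3.2, upstream_ruby-actionpack-3.2, upstream_ruby-activesupport-3.2 and upstream_ruby-activerecord-3.2 lines are all left at needs-triage, although the Description gives 3.2.21 as the fixed 3.x release and Patches_rails-3.2 already records "upstream_rails-3.2: released (3.2.21)"; the same value could be set on those four upstream lines. The Description places the flaw in actionpack/lib/action_dispatch/middleware/static.rb, so trusty_ruby-actionpack-3.2 is the needs-triage entry that most needs a decision, and the trusty activesupport-3.2 and activerecord-3.2 entries are worth checking for not-affected rather than leaving them open. In the 2.3 stanzas, each precise/esm line reads "DNE (precise was needs-triage)" while the precise line directly above it reads "ignored (reached end-of-life)", so the parenthetical no longer matches the recorded precise status. The Notes line from sarnold covers only Oneiric-Saucy for the rails package; a short note explaining the "contains no code" status used for precise and trusty onward would help the next reader.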