Candidate: CVE-2014-7829

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7829
https://groups.google.com/forum/message/raw?msg=rubyonrails-security/rMTQy4oRCGk/loS_CRS8mNEJ

Directory traversal vulnerability in
actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby
on Rails 3.x before 3.2.21, 4.0.x before 4.0.12, 4.1.x before 4.1.8, and
4.2.x before 4.2.0.beta4, when serve_static_assets is enabled, allows
remote attackers to determine the existence of files outside the
application root via vectors involving a \ (backslash) character, a similar
issue to CVE-2014-7818.

sarnold> in Oneiric-Saucy, rails package is just for transition

upstream_rails: needs-triage
lucid_rails: ignored (reached end-of-life)
precise_rails: not-affected (contains no code)
precise/esm_rails: DNE (precise was not-affected [contains no code])
trusty_rails: not-affected (contains no code)
utopic_rails: not-affected (contains no code)
vivid_rails: not-affected (contains no code)
vivid/stable-phone-overlay_rails: DNE
vivid/ubuntu-core_rails: DNE
wily_rails: not-affected (contains no code)
xenial_rails: not-affected (contains no code)
yakkety_rails: not-affected (contains no code)
zesty_rails: not-affected (contains no code)
artful_rails: not-affected (contains no code)
bionic_rails: not-affected (contains no code)
devel_rails: not-affected (contains no code)

Patches_ruby-rails-2.3:
upstream_ruby-rails-2.3: ignored (reached end-of-life)
lucid_ruby-rails-2.3: DNE
precise_ruby-rails-2.3: ignored (reached end-of-life)
precise/esm_ruby-rails-2.3: DNE (precise was needs-triage)
trusty_ruby-rails-2.3: DNE
utopic_ruby-rails-2.3: DNE
vivid_ruby-rails-2.3: DNE
vivid/stable-phone-overlay_ruby-rails-2.3: DNE
vivid/ubuntu-core_ruby-rails-2.3: DNE
wily_ruby-rails-2.3: DNE
xenial_ruby-rails-2.3: DNE
yakkety_ruby-rails-2.3: DNE
zesty_ruby-rails-2.3: DNE
artful_ruby-rails-2.3: DNE
bionic_ruby-rails-2.3: DNE
devel_ruby-rails-2.3: DNE

Patches_ruby-actionpack-2.3:
upstream_ruby-actionpack-2.3: ignored (reached end-of-life)
lucid_ruby-actionpack-2.3: DNE
precise_ruby-actionpack-2.3: ignored (reached end-of-life)
precise/esm_ruby-actionpack-2.3: DNE (precise was needs-triage)
trusty_ruby-actionpack-2.3: DNE
utopic_ruby-actionpack-2.3: DNE
vivid_ruby-actionpack-2.3: DNE
vivid/stable-phone-overlay_ruby-actionpack-2.3: DNE
vivid/ubuntu-core_ruby-actionpack-2.3: DNE
wily_ruby-actionpack-2.3: DNE
xenial_ruby-actionpack-2.3: DNE
yakkety_ruby-actionpack-2.3: DNE
zesty_ruby-actionpack-2.3: DNE
artful_ruby-actionpack-2.3: DNE
bionic_ruby-actionpack-2.3: DNE
devel_ruby-actionpack-2.3: DNE

Patches_ruby-activesupport-2.3:
upstream_ruby-activesupport-2.3: ignored (reached end-of-life)
lucid_ruby-activesupport-2.3: DNE
precise_ruby-activesupport-2.3: ignored (reached end-of-life)
precise/esm_ruby-activesupport-2.3: DNE (precise was needs-triage)
trusty_ruby-activesupport-2.3: DNE
utopic_ruby-activesupport-2.3: DNE
vivid_ruby-activesupport-2.3: DNE
vivid/stable-phone-overlay_ruby-activesupport-2.3: DNE
vivid/ubuntu-core_ruby-activesupport-2.3: DNE
wily_ruby-activesupport-2.3: DNE
xenial_ruby-activesupport-2.3: DNE
yakkety_ruby-activesupport-2.3: DNE
zesty_ruby-activesupport-2.3: DNE
artful_ruby-activesupport-2.3: DNE
bionic_ruby-activesupport-2.3: DNE
devel_ruby-activesupport-2.3: DNE

Patches_ruby-activerecord-2.3:
upstream_ruby-activerecord-2.3: ignored (reached end-of-life)
lucid_ruby-activerecord-2.3: DNE
precise_ruby-activerecord-2.3: ignored (reached end-of-life)
precise/esm_ruby-activerecord-2.3: DNE (precise was needs-triage)
trusty_ruby-activerecord-2.3: DNE
utopic_ruby-activerecord-2.3: DNE
vivid_ruby-activerecord-2.3: DNE
vivid/stable-phone-overlay_ruby-activerecord-2.3: DNE
vivid/ubuntu-core_ruby-activerecord-2.3: DNE
wily_ruby-activerecord-2.3: DNE
xenial_ruby-activerecord-2.3: DNE
yakkety_ruby-activerecord-2.3: DNE
zesty_ruby-activerecord-2.3: DNE
artful_ruby-activerecord-2.3: DNE
bionic_ruby-activerecord-2.3: DNE
devel_ruby-activerecord-2.3: DNE

Patches_ruby-rails-3.2:
upstream_ruby-rails-3.2: needs-triage
lucid_ruby-rails-3.2: DNE
precise_ruby-rails-3.2: DNE
precise/esm_ruby-rails-3.2: DNE
trusty_ruby-rails-3.2: needs-triage
utopic_ruby-rails-3.2: DNE
vivid_ruby-rails-3.2: DNE
vivid/stable-phone-overlay_ruby-rails-3.2: DNE
vivid/ubuntu-core_ruby-rails-3.2: DNE
wily_ruby-rails-3.2: DNE
xenial_ruby-rails-3.2: DNE
yakkety_ruby-rails-3.2: DNE
zesty_ruby-rails-3.2: DNE
artful_ruby-rails-3.2: DNE
bionic_ruby-rails-3.2: DNE
devel_ruby-rails-3.2: DNE

Patches_ruby-actionpack-3.2:
upstream_ruby-actionpack-3.2: needs-triage
lucid_ruby-actionpack-3.2: DNE
precise_ruby-actionpack-3.2: DNE
precise/esm_ruby-actionpack-3.2: DNE
trusty_ruby-actionpack-3.2: needs-triage
utopic_ruby-actionpack-3.2: DNE
vivid_ruby-actionpack-3.2: DNE
vivid/stable-phone-overlay_ruby-actionpack-3.2: DNE
vivid/ubuntu-core_ruby-actionpack-3.2: DNE
wily_ruby-actionpack-3.2: DNE
xenial_ruby-actionpack-3.2: DNE
yakkety_ruby-actionpack-3.2: DNE
zesty_ruby-actionpack-3.2: DNE
artful_ruby-actionpack-3.2: DNE
bionic_ruby-actionpack-3.2: DNE
devel_ruby-actionpack-3.2: DNE

Patches_ruby-activesupport-3.2:
upstream_ruby-activesupport-3.2: needs-triage
lucid_ruby-activesupport-3.2: DNE
precise_ruby-activesupport-3.2: DNE
precise/esm_ruby-activesupport-3.2: DNE
trusty_ruby-activesupport-3.2: needs-triage
utopic_ruby-activesupport-3.2: DNE
vivid_ruby-activesupport-3.2: DNE
vivid/stable-phone-overlay_ruby-activesupport-3.2: DNE
vivid/ubuntu-core_ruby-activesupport-3.2: DNE
wily_ruby-activesupport-3.2: DNE
xenial_ruby-activesupport-3.2: DNE
yakkety_ruby-activesupport-3.2: DNE
zesty_ruby-activesupport-3.2: DNE
artful_ruby-activesupport-3.2: DNE
bionic_ruby-activesupport-3.2: DNE
devel_ruby-activesupport-3.2: DNE

Patches_ruby-activerecord-3.2:
upstream_ruby-activerecord-3.2: needs-triage
lucid_ruby-activerecord-3.2: DNE
precise_ruby-activerecord-3.2: DNE
precise/esm_ruby-activerecord-3.2: DNE
trusty_ruby-activerecord-3.2: needs-triage
utopic_ruby-activerecord-3.2: DNE
vivid_ruby-activerecord-3.2: DNE
vivid/stable-phone-overlay_ruby-activerecord-3.2: DNE
vivid/ubuntu-core_ruby-activerecord-3.2: DNE
wily_ruby-activerecord-3.2: DNE
xenial_ruby-activerecord-3.2: DNE
yakkety_ruby-activerecord-3.2: DNE
zesty_ruby-activerecord-3.2: DNE
artful_ruby-activerecord-3.2: DNE
bionic_ruby-activerecord-3.2: DNE
devel_ruby-activerecord-3.2: DNE

upstream_rails-4.0: released (4.0.12)
precise_rails-4.0: DNE
precise/esm_rails-4.0: DNE
trusty_rails-4.0: needed
utopic_rails-4.0: ignored (reached end-of-life)
vivid/stable-phone-overlay_rails-4.0: DNE
vivid/ubuntu-core_rails-4.0: DNE
xenial_rails-4.0: DNE
yakkety_rails-4.0: DNE
artful_rails-4.0: DNE
bionic_rails-4.0: DNE

upstream_rails-3.2: released (3.2.21)
precise_rails-3.2: DNE
precise/esm_rails-3.2: DNE
trusty_rails-3.2: DNE
utopic_rails-3.2: ignored (reached end-of-life)
vivid/stable-phone-overlay_rails-3.2: DNE
vivid/ubuntu-core_rails-3.2: DNE
xenial_rails-3.2: DNE
yakkety_rails-3.2: DNE
artful_rails-3.2: DNE
bionic_rails-3.2: DNE