Package: ruby-actionmailer-3.2

Package: ruby-actionmailer-3.2 / 3.2.6-2+deb7u1

Metadata

Package	Version	Patches format
ruby-actionmailer-3.2	3.2.6-2+deb7u1	3.0 (quilt)

Patch series

view the series file

Patch	File delta	Description
CVE 2013 4389.patch \| (download)	lib/action_mailer/log_subscriber.rb \| 6 3 + 3 - 0 ! 1 file changed, 3 insertions(+), 3 deletions(-)	[patch] remove the use of string#% when formatting durations in log messages This avoids potential format string vulnerabilities where user-provided data is interpolated into the log message before String#% is called.

Patch

File delta

Description

CVE 2013 4389.patch | (download)

lib/action_mailer/log_subscriber.rb | 6 3 + 3 - 0 !
1 file changed, 3 insertions(+), 3 deletions(-)

 [patch] remove the use of string#% when formatting durations in log
 messages

This avoids potential format string vulnerabilities where user-provided
data is interpolated into the log message before String#% is called.