Package: ruby-actionmailer-3.2 / 3.2.6-2+deb7u1


Package Version Patches format
ruby-actionmailer-3.2 3.2.6-2+deb7u1 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
CVE 2013 4389.patch | (download)

lib/action_mailer/log_subscriber.rb | 6 3 + 3 - 0 !
1 file changed, 3 insertions(+), 3 deletions(-)

 [patch] remove the use of string#% when formatting durations in log

This avoids potential format string vulnerabilities where user-provided
data is interpolated into the log message before String#% is called.