CVE-2010-3299

Published: 12 November 2019

The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks.

Notes

Author	Note
mdeslaur	in Oneiric+, rails package is just for transition

6.5

Package	Release	Status
rails Launchpad, Ubuntu, Debian	vivid	Not vulnerable (contains no code)
	hardy	Ignored (end of life)
	lucid	Ignored (end of life)
	maverick	Ignored (end of life)
	natty	Ignored (end of life)
	oneiric	Not vulnerable (contains no code)
	precise	Not vulnerable (contains no code)
	quantal	Not vulnerable (contains no code)
	raring	Not vulnerable (contains no code)
	saucy	Not vulnerable (contains no code)
	trusty	Does not exist (trusty was not-affected [contains no code])
	upstream	Needs triage
	utopic	Not vulnerable (contains no code)
	wily	Not vulnerable (contains no code)
	xenial	Not vulnerable (contains no code)
	yakkety	Not vulnerable (contains no code)
	zesty	Not vulnerable (contains no code)
ruby-rails-2.3 Launchpad, Ubuntu, Debian	hardy	Does not exist
	lucid	Does not exist
	maverick	Does not exist
	natty	Does not exist
	oneiric	Ignored (end of life)
	precise	Ignored (end of life)
	quantal	Ignored (end of life)
	raring	Ignored (end of life)
	saucy	Ignored (end of life)
	trusty	Does not exist
	upstream	Needs triage
	utopic	Does not exist
	vivid	Does not exist
	wily	Does not exist
	xenial	Does not exist
	yakkety	Does not exist
	zesty	Does not exist

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.