CVE-2013-0256
Publication date 6 February 2013
Last updated 24 July 2024
Ubuntu priority
darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.
Status
Package | Ubuntu Release | Status |
---|---|---|
ruby-defaults | 13.04 raring |
Not affected
|
12.10 quantal |
Not affected
|
|
12.04 LTS precise |
Not affected
|
|
11.10 oneiric |
Not affected
|
|
10.04 LTS lucid |
Not affected
|
|
8.04 LTS hardy | Ignored end of life | |
ruby1.8 | 13.04 raring | Ignored end of life |
12.10 quantal | Ignored end of life | |
12.04 LTS precise | Ignored end of life | |
11.10 oneiric | Ignored end of life | |
10.04 LTS lucid | Ignored end of life | |
8.04 LTS hardy | Ignored end of life | |
ruby1.9 | 13.04 raring | Not in release |
12.10 quantal | Not in release | |
12.04 LTS precise | Not in release | |
11.10 oneiric | Not in release | |
10.10 maverick | Not in release | |
10.04 LTS lucid | Ignored end of life | |
8.04 LTS hardy | Ignored end of life | |
ruby1.9.1 | 13.04 raring |
Fixed 1.9.3.194-7ubuntu1
|
12.10 quantal |
Fixed 1.9.3.194-1ubuntu1.3
|
|
12.04 LTS precise |
Fixed 1.9.3.0-1ubuntu2.5
|
|
11.10 oneiric | Ignored end of life | |
10.04 LTS lucid | Ignored end of life | |
8.04 LTS hardy | Not in release |
Notes
jdstrand
rdoc part of ruby-defaults in Ubuntu 10.04 LTS and lower darkfish.js only present in ruby1.9.1 on Ubuntu 11.10 and later
Patch details
Package | Patch details |
---|---|
ruby1.9.1 |
References
Related Ubuntu Security Notices (USN)
- USN-1733-1
- Ruby vulnerabilities
- 21 February 2013