CVE-2013-4389

Debian Bug report logs - #726576 ruby-actionmailer-32: Possible DoS Vulnerability in Action Mailer (CVE-2013-4389) Package: ruby-actionmailer-32; Maintainer for ruby-actionmailer-32 is (unknown); Reported by: Yves-Alexis Perez <corsac@debianorg> Date: Wed, 16 Oct 2013 20:00:02 UTC Severity: grave Tags: security Fixed ...

Aaron Neyer discovered that missing input sanitising in the logging component of Ruby Actionmailer could result in denial of service through a malformed e-mail message For the stable distribution (wheezy), this problem has been fixed in version 326-2+deb7u1 ruby-activesupport-32 was updated in a related change to version 326-6+deb7u1 For th ...

Multiple format string vulnerabilities in log_subscriberrb files in the log subscriber component in Action Mailer in Ruby on Rails 3x before 3215 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly handled during construction of a log message ...