Forums before death by AOL, social media and spammers... "We can't have nice things"
| linux.debian.changes | Debian changes... like the weather | 791 messages |
[ << oldest | < older | list | newer > | newest >> ]
| Message 602 of 791 |
| Debian FTP Masters to All |
| Accepted rails 2:7.2.2.2+dfsg-2~deb13u1 |
| 21 Dec 25 19:10:01 |
From: ftpmaster@ftp-master.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 01 Dec 2025 21:45:40 +0100
Source: rails
Architecture: source
Version: 2:7.2.2.2+dfsg-2~deb13u1
Distribution: trixie-security
Urgency: medium
Maintainer: Debian Ruby Team
Changed-By: Bastien Roucariès
Closes: 1111106
Changes:
rails (2:7.2.2.2+dfsg-2~deb13u1) trixie-security; urgency=medium
.
* Team upload
* New upstream release
* Fix CVE-2025-24293 (Closes: #1111106)
Active Record connects classes to relational database tables.
The ID passed to find or similar methods may be logged without
escaping. If this is directly to the terminal it may include
unescaped ANSI sequences.
* Fix CVE-2025-55193.
Active Storage attempts to prevent the use of potentially unsafe image
transformation methods and parameters by default.
The default allowed list contains three methods allowing
for the circumvention of the safe defaults which enables potential
command injection vulnerabilities in cases where arbitrary
user supplied input is accepted as valid transformation methods
or parameters.
* Target trixie in salsaCI
Checksums-Sha1:
9b5d37116d14dcb6ad065c48dc66bdf8768d6297 4730 rails_7.2.2.2+dfsg-2~deb13u1.dsc
b2d4083becc6fdef86e817c6e9727033a19b7a9e 8049424 rails_7.2.2.2+
fsg.orig.tar.xz
22dbcb514a6960ee4c394944a37e34e6e03f34c3 102744 rails_7.2.2.2+d
sg-2~deb13u1.debian.tar.xz
d7e1c3b711dddd29e287a2cb4b70ffd1c2f63c7d 17162 rails_7.2.2.2+df
g-2~deb13u1_source.buildinfo
Checksums-Sha256:
f7b5053a8c83ec4e3b091af7a772607fe5b4859dc116ce0e5b523d5f932bcf82 4730
rails_7.2.2.2+dfsg-2~deb13u1.dsc
0fc71b56afdc4721f45bc4c9134f43e71e7a66ea542b674b1f652743da0d760b 8049424
rails_7.2.2.2+dfsg.orig.tar.xz
a140ddeba2030f38d130476f0b26c821074d5673424a171cb32016d4b9fd8bc4 102744
rails_7.2.2.2+dfsg-2~deb13u1.debian.tar.xz
ea30c8a22baeb3707e81a710430350aa37f3ef5481f3d125c16c277621950024 17162
rails_7.2.2.2+dfsg-2~deb13u1_source.buildinfo
Files:
1d454d35f6150342943cb08e81afbead 4730 ruby optional rails_7.2.2
2+dfsg-2~deb13u1.dsc
d02d956d119f37e12fe566a6a217e510 8049424 ruby optional rails_7.
.2.2+dfsg.orig.tar.xz
8b5ecd55f9ce86f42b90ff32a23f1fc4 102744 ruby optional rails_7.2
2.2+dfsg-2~deb13u1.debian.tar.xz
3847ed8d490a1626d66ddd8ea8c1cb96 17162 ruby optional rails_7.2.
.2+dfsg-2~deb13u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJFBAEBCgAvFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmlElJIRHHJvdWNhQGRl
Ymlhbi5vcmcACgkQADoaLapBCF9HtRAAq7W+/ea2H7J18O9/NWEAy7f+eSGxeG7T
TpqhkLKSmqijjJRwsaG4h5SW7tqMXVx7u8Rqdzbz8XMy+/DJbV1d9vYzZeiYawB4
KQ0IebJbYiZfWWaVHRfi5RF8kgvjtEJdImdB+E8ezJnzZtcTcdaFsYtIWgbokDjv
tTxs1Lr22UdtO9vX9JPq0ncCiC/4BsZirWxm+jArJWKw/92YZBQsGB5NmNiQnViK
i23bS22peIiUNsfi8tuckR0q9GV9fxC5F+ueBBQz1kzFPPWUFGBbanAcpABiKyIf
JxgaximSx5wPGa13M9MbmDZbTxJvOi/1RH1AbodqD6U7yicGuCo2X/EHMmHR7fTX
rQX4FThDVmtX1ANFGGDrja17UpBk3OFtIjnRFnRBOEzRdKKfMjLrBHx5Q3wQYjWW
vCkvYhSWV1dMXWDIjXj5du5csW0EXHHJuzBuzNJku74nv3ehe15LgR+Ts2vEXU7B
4N7D+Kc+BZNKRz2BnrvXEmD7mSvXJLhW9MJGht7V4C1JQC5exQWG/+FwpGY7z9Wa
G0KpAAh5MzHaeFX3l8jWJpOP4ePpnr0gkNOqCghcA23h83c/j8R9zrH0M6gEvH8c
shwmPyuQQy+815G9DGcgIAAfRlx0z0/p/kF3sUsubVy9jfHk3mk/hTwQJJoJN/my
hSY4VFDl7W4=
=URbj
-----END PGP SIGNATURE-----
--==============c82067635797741621=Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
iHUEABYIAB0WIQTziqJOuF8J+ZI8pJSb9qggYcy5IQUCaUg2RwAKCRCb9qggYcy5
IQcCAQCTA6o3cy8yQQqnPOU+y+VyelpaPuzLu3evHsq6qdrTmQD9EkeJdTsWQXAn
UPA3BQxdpJQ6N1+FKPMSAg9D3jJ46gU=gQU6
-----END PGP SIGNATURE-----
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)
|
[ << oldest | < older | list | newer > | newest >> ]
(c) 1994, bbs@darkrealms.ca
