Your message dated Wed, 01 Jun 2011 01:54:03 +0000
with message-id <[email protected]>
and subject line Bug#614864: fixed in rails 2.3.5-1.2+squeeze0.1
has caused the Debian Bug report #614864,
regarding CVE-2011-0446 and CVE-2011-0447
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
614864: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614864
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: rails
Severity: grave
Tags: security

Please see
http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4

Cheers,
        Moritz

-- System Information:
Debian Release: 6.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.37-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash



--- End Message ---
--- Begin Message ---
Source: rails
Source-Version: 2.3.5-1.2+squeeze0.1

We believe that the bug you reported is fixed in the latest version of
rails, which is due to be installed in the Debian FTP archive:

libactionmailer-ruby1.8_2.3.5-1.2+squeeze0.1_all.deb
  to main/r/rails/libactionmailer-ruby1.8_2.3.5-1.2+squeeze0.1_all.deb
libactionmailer-ruby_2.3.5-1.2+squeeze0.1_all.deb
  to main/r/rails/libactionmailer-ruby_2.3.5-1.2+squeeze0.1_all.deb
libactionpack-ruby1.8_2.3.5-1.2+squeeze0.1_all.deb
  to main/r/rails/libactionpack-ruby1.8_2.3.5-1.2+squeeze0.1_all.deb
libactionpack-ruby_2.3.5-1.2+squeeze0.1_all.deb
  to main/r/rails/libactionpack-ruby_2.3.5-1.2+squeeze0.1_all.deb
libactiverecord-ruby1.8_2.3.5-1.2+squeeze0.1_all.deb
  to main/r/rails/libactiverecord-ruby1.8_2.3.5-1.2+squeeze0.1_all.deb
libactiverecord-ruby1.9.1_2.3.5-1.2+squeeze0.1_all.deb
  to main/r/rails/libactiverecord-ruby1.9.1_2.3.5-1.2+squeeze0.1_all.deb
libactiverecord-ruby_2.3.5-1.2+squeeze0.1_all.deb
  to main/r/rails/libactiverecord-ruby_2.3.5-1.2+squeeze0.1_all.deb
libactiveresource-ruby1.8_2.3.5-1.2+squeeze0.1_all.deb
  to main/r/rails/libactiveresource-ruby1.8_2.3.5-1.2+squeeze0.1_all.deb
libactiveresource-ruby_2.3.5-1.2+squeeze0.1_all.deb
  to main/r/rails/libactiveresource-ruby_2.3.5-1.2+squeeze0.1_all.deb
libactivesupport-ruby1.8_2.3.5-1.2+squeeze0.1_all.deb
  to main/r/rails/libactivesupport-ruby1.8_2.3.5-1.2+squeeze0.1_all.deb
libactivesupport-ruby1.9.1_2.3.5-1.2+squeeze0.1_all.deb
  to main/r/rails/libactivesupport-ruby1.9.1_2.3.5-1.2+squeeze0.1_all.deb
libactivesupport-ruby_2.3.5-1.2+squeeze0.1_all.deb
  to main/r/rails/libactivesupport-ruby_2.3.5-1.2+squeeze0.1_all.deb
rails-doc_2.3.5-1.2+squeeze0.1_all.deb
  to main/r/rails/rails-doc_2.3.5-1.2+squeeze0.1_all.deb
rails-ruby1.8_2.3.5-1.2+squeeze0.1_all.deb
  to main/r/rails/rails-ruby1.8_2.3.5-1.2+squeeze0.1_all.deb
rails_2.3.5-1.2+squeeze0.1.debian.tar.gz
  to main/r/rails/rails_2.3.5-1.2+squeeze0.1.debian.tar.gz
rails_2.3.5-1.2+squeeze0.1.dsc
  to main/r/rails/rails_2.3.5-1.2+squeeze0.1.dsc
rails_2.3.5-1.2+squeeze0.1_all.deb
  to main/r/rails/rails_2.3.5-1.2+squeeze0.1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ondřej Surý <[email protected]> (supplier of updated rails package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 30 May 2011 09:43:10 +0200
Source: rails
Binary: rails rails-ruby1.8 rails-doc libactiverecord-ruby 
libactiverecord-ruby1.8 libactiverecord-ruby1.9.1 libactivesupport-ruby 
libactivesupport-ruby1.8 libactivesupport-ruby1.9.1 libactionpack-ruby 
libactionpack-ruby1.8 libactionmailer-ruby libactionmailer-ruby1.8 
libactiveresource-ruby libactiveresource-ruby1.8
Architecture: source all
Version: 2.3.5-1.2+squeeze0.1
Distribution: stable-security
Urgency: low
Maintainer: Adam Majer <[email protected]>
Changed-By: Ondřej Surý <[email protected]>
Description: 
 libactionmailer-ruby - Framework for generation of customized email messages
 libactionmailer-ruby1.8 - Framework for generation of customized email messages
 libactionpack-ruby - Controller and View framework used by Rails
 libactionpack-ruby1.8 - Controller and View framework used by Rails
 libactiverecord-ruby - ORM database interface for ruby
 libactiverecord-ruby1.8 - ORM database interface for ruby
 libactiverecord-ruby1.9.1 - ORM database interface for ruby
 libactiveresource-ruby - Connects objects and REST web services
 libactiveresource-ruby1.8 - Connects objects and REST web services
 libactivesupport-ruby - utility classes and extensions (Ruby 1.8)
 libactivesupport-ruby1.8 - utility classes and extensions (Ruby 1.8)
 libactivesupport-ruby1.9.1 - utility classes and extensions (Ruby 1.8)
 rails      - MVC ruby based framework geared for web application development
 rails-doc  - Documentation for rails, a MVC ruby based framework
 rails-ruby1.8 - MVC ruby based framework geared for web application development
Closes: 614864
Changes: 
 rails (2.3.5-1.2+squeeze0.1) stable-security; urgency=low
 .
   * Non-maintainer upload.
   * Fix CVE-2011-0446: Be sure to javascript_escape the email address to
     prevent apostrophes inadvertently causing javascript errors.
   * Fix CVE-2011-0447: Change the CSRF whitelisting to only apply to get
     requests (Closes: #614864)
Checksums-Sha1: 
 d1b5dd4331881b8dd33bbfd5492841b5f168edea 1699 rails_2.3.5-1.2+squeeze0.1.dsc
 f8df515f5137e69cefbdb21af94410eb6a0fd4b4 3173705 rails_2.3.5.orig.tar.gz
 d32a873db75c32888731983a1b4afaef38b994b2 21992 
rails_2.3.5-1.2+squeeze0.1.debian.tar.gz
 2f9d30f93df62c14cd958fd1ff48bd68e1d4f5be 11878 
rails_2.3.5-1.2+squeeze0.1_all.deb
 733d54b60153b1e497ea6ac0acf92773e2c76415 222196 
rails-ruby1.8_2.3.5-1.2+squeeze0.1_all.deb
 3729e581a27dabb1f9e76a3ec2d1e6e9ac57ea46 899126 
rails-doc_2.3.5-1.2+squeeze0.1_all.deb
 bcafd9d20a27ee7cf12e5f9d738a9fe6df70c93b 9330 
libactiverecord-ruby_2.3.5-1.2+squeeze0.1_all.deb
 f52d3133ab952dfb2ced0d1e1aca9a2e3484a90d 265992 
libactiverecord-ruby1.8_2.3.5-1.2+squeeze0.1_all.deb
 941f870683358ad716222518651f4a44a44bdefb 265302 
libactiverecord-ruby1.9.1_2.3.5-1.2+squeeze0.1_all.deb
 3362b81979dadf1849b3671df2ebb01d5649fc4b 9266 
libactivesupport-ruby_2.3.5-1.2+squeeze0.1_all.deb
 abe4b8ab8361a937cf06c40b6c98704f8a3b5457 253658 
libactivesupport-ruby1.8_2.3.5-1.2+squeeze0.1_all.deb
 d32bef7b972c2b35a456d7c9596bb79f69298551 253082 
libactivesupport-ruby1.9.1_2.3.5-1.2+squeeze0.1_all.deb
 1f0b73e4cd2a4e09b55a436698ae50a2e26b868b 9394 
libactionpack-ruby_2.3.5-1.2+squeeze0.1_all.deb
 aad4fd9cec2451506e965070904a96cddc679556 320978 
libactionpack-ruby1.8_2.3.5-1.2+squeeze0.1_all.deb
 415ce12fcddb3bb02c5f9dff262ec5b13243c877 9354 
libactionmailer-ruby_2.3.5-1.2+squeeze0.1_all.deb
 f7a922b147ac5b653ffaa9460209175f2e47248f 31590 
libactionmailer-ruby1.8_2.3.5-1.2+squeeze0.1_all.deb
 55d86927015cbc1a335513812be701f8110a6316 9356 
libactiveresource-ruby_2.3.5-1.2+squeeze0.1_all.deb
 2fc37eda971e886be8744e9e277243594d0592ba 36652 
libactiveresource-ruby1.8_2.3.5-1.2+squeeze0.1_all.deb
Checksums-Sha256: 
 af896c43c483f87a2a07f73238adab5947a107ae442779e53edfa538c389c3aa 1699 
rails_2.3.5-1.2+squeeze0.1.dsc
 f07416a3655ef24316e6fb8bd57bf00f5b06b9d6191cec15be93d08238ed1313 3173705 
rails_2.3.5.orig.tar.gz
 cb3efe5064fe8b6f6a2215debcb01fa6bae1355968330e6a67f9a1ac5f0ac990 21992 
rails_2.3.5-1.2+squeeze0.1.debian.tar.gz
 deeaedc7c699a52f246e9a4c454b53495ce72006f0a44cb96614240a1720d711 11878 
rails_2.3.5-1.2+squeeze0.1_all.deb
 27b74e9455d91558526fcefc59da5b20a6410222afa817f5dea09a1ebcc1fc91 222196 
rails-ruby1.8_2.3.5-1.2+squeeze0.1_all.deb
 fc15660812c74ffd42fa73ffc2084ea39971d2a628072e363c6c99fb0602b5b8 899126 
rails-doc_2.3.5-1.2+squeeze0.1_all.deb
 b666cd68aea827c71fb79cf66bdc5fcfe9abcbdad9fdc9205c369882a01d854c 9330 
libactiverecord-ruby_2.3.5-1.2+squeeze0.1_all.deb
 3b7455f6366b91db2ba22398b5a52abfc655295bac7b005f62dffe23da3e7f1f 265992 
libactiverecord-ruby1.8_2.3.5-1.2+squeeze0.1_all.deb
 885c64b83752b9ec944578f52e7d0644e60783d36c5817b25fe9023328eae803 265302 
libactiverecord-ruby1.9.1_2.3.5-1.2+squeeze0.1_all.deb
 4b1a5c3651e73f2b867492fc30604310533c99bff9a7c3cf8f0675bedc040d2f 9266 
libactivesupport-ruby_2.3.5-1.2+squeeze0.1_all.deb
 42e33a40091bfa54e036fa8db85e8c0f7747d9b03da51f0388533327e80139c6 253658 
libactivesupport-ruby1.8_2.3.5-1.2+squeeze0.1_all.deb
 e74d48d2d2fa18e6304914df67bb4a169508ba1e34fe3689a966bbbba6379371 253082 
libactivesupport-ruby1.9.1_2.3.5-1.2+squeeze0.1_all.deb
 8e37177e4c27650507a4cdfe1ca6269cd867e89aa22d78a150d35368ece485cf 9394 
libactionpack-ruby_2.3.5-1.2+squeeze0.1_all.deb
 c749c6cdd18b9ccf1de2b12ab1d97329baf23eb1c9c5053a09ed0d9f7b67bc8d 320978 
libactionpack-ruby1.8_2.3.5-1.2+squeeze0.1_all.deb
 7557e8a5f33cb2b960d8530ad3f1f42031b906542a0f64e1fcf06fd382fb4e4c 9354 
libactionmailer-ruby_2.3.5-1.2+squeeze0.1_all.deb
 d864038a37f40b4034abb1e84f040abeb34a1ec157c33b517e0a0224f67b9f3e 31590 
libactionmailer-ruby1.8_2.3.5-1.2+squeeze0.1_all.deb
 9f81f676b5c6040d04afbd2907dfd24cc5d4950afa2add33c0b53d23d85914ca 9356 
libactiveresource-ruby_2.3.5-1.2+squeeze0.1_all.deb
 8030e46e687da641c0cc4712d2ea2f249420c922975f6d03356465d02c62a2cb 36652 
libactiveresource-ruby1.8_2.3.5-1.2+squeeze0.1_all.deb
Files: 
 dc22c789c5d2fdff7680b8c7cadcec0e 1699 ruby optional 
rails_2.3.5-1.2+squeeze0.1.dsc
 8e28f9ba645d67dea57a33508d11a56c 3173705 ruby optional rails_2.3.5.orig.tar.gz
 62a691c47f58dc05ef8444e981c63f8a 21992 ruby optional 
rails_2.3.5-1.2+squeeze0.1.debian.tar.gz
 f90e492aab13cf7f36a932c2ceac2ddb 11878 ruby optional 
rails_2.3.5-1.2+squeeze0.1_all.deb
 731a5c320f05686df1f00e73bb40b7f6 222196 ruby optional 
rails-ruby1.8_2.3.5-1.2+squeeze0.1_all.deb
 ac304dc9c8d5c96166f2f35d4813fdd5 899126 doc optional 
rails-doc_2.3.5-1.2+squeeze0.1_all.deb
 a4a1de01878d2019842f7147b6afa35f 9330 ruby optional 
libactiverecord-ruby_2.3.5-1.2+squeeze0.1_all.deb
 d9aace2a82b4719ebeb2901ad13bbe20 265992 ruby optional 
libactiverecord-ruby1.8_2.3.5-1.2+squeeze0.1_all.deb
 7a69c5a24b84a6b669fddc63f529f32a 265302 ruby optional 
libactiverecord-ruby1.9.1_2.3.5-1.2+squeeze0.1_all.deb
 f8cdfe71f52b6dd8bf86270757d84b2f 9266 ruby optional 
libactivesupport-ruby_2.3.5-1.2+squeeze0.1_all.deb
 22e96bcc79d29737cd1bda70eff08112 253658 ruby optional 
libactivesupport-ruby1.8_2.3.5-1.2+squeeze0.1_all.deb
 3536bf36525fbcefff82acee55edc360 253082 ruby optional 
libactivesupport-ruby1.9.1_2.3.5-1.2+squeeze0.1_all.deb
 a9327d1f282e22799625036891b62652 9394 ruby optional 
libactionpack-ruby_2.3.5-1.2+squeeze0.1_all.deb
 3045874729f28beb3053f94a13c4d156 320978 ruby optional 
libactionpack-ruby1.8_2.3.5-1.2+squeeze0.1_all.deb
 3509f8853a99f6c98194c0d20822809d 9354 ruby optional 
libactionmailer-ruby_2.3.5-1.2+squeeze0.1_all.deb
 b95e66c9a06d521bec448468a046879c 31590 ruby optional 
libactionmailer-ruby1.8_2.3.5-1.2+squeeze0.1_all.deb
 33d96875656429eadab857318cd9fa5b 9356 ruby optional 
libactiveresource-ruby_2.3.5-1.2+squeeze0.1_all.deb
 e1819cd6c3acf1b15cbdd9a0aa475a80 36652 ruby optional 
libactiveresource-ruby1.8_2.3.5-1.2+squeeze0.1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAk3jh3QACgkQ9OZqfMIN8nOU+wCgqbC7j9wZ9TTsT7Zi/tZokHox
poQAniHBSIzEW/ExfGZN/aV7PSXkmckY
=qMdb
-----END PGP SIGNATURE-----



--- End Message ---

Reply via email to