Your message dated Wed, 19 Mar 2025 19:48:17 +0000
with message-id <[email protected]>
and subject line Bug#1072705: fixed in rails 2:6.1.7.10+dfsg-1~deb12u1
has caused the Debian Bug report #1072705,
regarding rails: CVE-2024-28103
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1072705: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072705
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: rails
Version: 2:6.1.7.3+dfsg-3
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 2:6.1.7.3+dfsg-1
Hi,
The following vulnerability was published for rails.
CVE-2024-28103[0]:
| Action Pack is a framework for handling and responding to web
| requests. Since 6.1.0, the application configurable
| Permissions-Policy is only served on responses with an HTML related
| Content-Type. This vulnerability is fixed in 6.1.7.8, 7.0.8.2, and 7.1.3.3.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-28103
https://www.cve.org/CVERecord?id=CVE-2024-28103
[1] https://github.com/rails/rails/security/advisories/GHSA-fwhr-88qx-h9g7
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: rails
Source-Version: 2:6.1.7.10+dfsg-1~deb12u1
Done: Utkarsh Gupta <[email protected]>
We believe that the bug you reported is fixed in the latest version of
rails, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Utkarsh Gupta <[email protected]> (supplier of updated rails package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 14 Mar 2025 20:02:55 +0530
Source: rails
Built-For-Profiles: noudeb
Architecture: source
Version: 2:6.1.7.10+dfsg-1~deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: Debian Ruby Team <[email protected]>
Changed-By: Utkarsh Gupta <[email protected]>
Closes: 1051057 1051058 1065119 1072705 1085376 1089755
Changes:
rails (2:6.1.7.10+dfsg-1~deb12u1) bookworm-security; urgency=medium
.
* New upstream version 6.1.7.10+dfsg.
(Fixes: CVE-2023-28362, CVE-2023-38037, CVE-2024-26144, CVE-2024-28103,
CVE-2024-41128, CVE-2024-47887, CVE-2024-47888, CVE-2024-47889)
(Closes: #1051058, #1051057, #1065119, #1072705, #1085376)
* Add patch to add CSP directive validation.
(Fixes: CVE-2024-54133) (Closes: #1089755)
Checksums-Sha1:
2ca2b6f2e242cab353a2a11a20dd316fe26e185c 4877 rails_6.1.7.10+dfsg-1~deb12u1.dsc
69f028837267e1f74aa8c62d1ce13ec94f6a6148 8174980 rails_6.1.7.10+dfsg.orig.tar.xz
4b2d58afeb86fc5553f44e3c84c21bc108f06140 103476 rails_6.1.7.10+dfsg-1~deb12u1.debian.tar.xz
ba937a51e92f368df9a3e1a8c03206bfafa31e9d 15195 rails_6.1.7.10+dfsg-1~deb12u1_source.buildinfo
Checksums-Sha256:
32177da6ed34c690a9608630a1f68555342f72c5348d94d2fc1153d083c46e02 4877 rails_6.1.7.10+dfsg-1~deb12u1.dsc
54f0c056757697e2fd6887e622c23fac5eb862a65ac497e9e3a5081a3dc57f66 8174980 rails_6.1.7.10+dfsg.orig.tar.xz
cbb48f4c28a09852b6846ede2cd11e40b1ffb88689e863a876158727dda2b678 103476 rails_6.1.7.10+dfsg-1~deb12u1.debian.tar.xz
7c99a36c9faecc6a022613bd83ddfbb9b7963701a1fbfa282d0a6442848dcd4e 15195 rails_6.1.7.10+dfsg-1~deb12u1_source.buildinfo
Files:
b26daf9585af946363cda44bae83b114 4877 ruby optional rails_6.1.7.10+dfsg-1~deb12u1.dsc
c74492a8355e230b7bcc59feea45cd80 8174980 ruby optional rails_6.1.7.10+dfsg.orig.tar.xz
95867b02e97a1e162ecdc8649000b08a 103476 ruby optional rails_6.1.7.10+dfsg-1~deb12u1.debian.tar.xz
c1bc8964c7f0d247ee6da8312d39fff7 15195 ruby optional rails_6.1.7.10+dfsg-1~deb12u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJHBAEBCAAxFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmfVrKcTHHV0a2Fyc2hA
ZGViaWFuLm9yZwAKCRCCPpZ2BsNLlketEADMfli4VT9UOdYYeFr+1h3Z7TQyvOFO
WYC6XrnjPmg8OveW1trbaoZknOuIOA2YrOzEQp3Nqn5WBSjvvacCzKC/F6fIOUl7
qqqfPZs56m0TvhvYGSMQtG3ckdQY2h6Bvd/65MbUioGwXVP6CDzl73Qmkbfo4NHp
BebKxnTrkliB0QXq7TVxQeh8DwUxhdJ+jfhkSyYVk29Zdz9klYrwV8iLB454+wPX
cRSEu6msqkmzjziv+dq71+pvfyrZj1PSHLIPjSQIsHMUPIceESgXlEs1Jfuo9Xkj
rNCHMxEJ8DMwcVC97P0Z1hVmahtfl4/HLynlU5fRjLaXCRmrRDBElRz4D4G7x2Aa
8WKZzHyfK507C5FxA/50cLQPGNIIfkEMVq5c2zbbL/z3v8x+/LvmZNwC/I0xo894
QkD/PObOBL+1R5MCLqjNLS5SQsgSwqkVNauddZWlQe9gfAvUFojw42/xt7LuGFVM
l88w1jmkZGbccGtRZhd7tqCkrvDTFcuQn4IDTyg6EevQZVexOR3i8iZqJc/QVcHF
cB3RJDAhbcKwot76YoHgKovhPtcHYAjdMkQJf5URbuYvAkpMoYg4KNpuUiftG8eH
2sVMMxWA5nbQBIKFnx16SNE+jpZGlhKLWNXYhj+OtHIgfmeqtllo7EUbJq7NEBuO
DFFB8wKG+zvfjw==
=Va85
-----END PGP SIGNATURE-----
--- End Message ---