Please unblock rails 2.1.0-4 to enter testing. The changes are only,
* binary data corruption fix on PostgreSQL + byea columns
* MySQL SQL injection in :limit and :offset - the patch is from
upstream and was the next patch after they tagged 2.1.0. They have not
reported this on their security mailing list (bug June 1st) or anywhere
until I saw the bug on secunia advisory over 2.5 months later [1][2].
To view the patches, you can diff the tree, or just look at the
commitdiffs at,
http://git.debian.org/?p=collab-maint/rails.git;a=shortlog;h=refs/heads/debian-lenny
- Adam
[1] http://rails.lighthouseapp.com/projects/8994/tickets/288
[2] http://secunia.com/advisories/31875/
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
