Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
36011825 by Moritz Mühlenhoff at 2025-03-17T20:38:34+01:00
rails DSA
- - - - -
3 changed files:
- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -79405,7 +79405,6 @@ CVE-2024-2087 (The Brizy \u2013 Page Builder plugin for
WordPress is vulnerable
NOT-FOR-US: WordPress plugin
CVE-2024-28103 (Action Pack is a framework for handling and responding to web
requests ...)
- rails 2:7.2.2.1+dfsg-1 (bug #1072705)
- [bookworm] - rails <no-dsa> (Minor issue)
[bullseye] - rails <not-affected> (Vulnerable code introduced later)
[buster] - rails <not-affected> (Vulnerable code introduced later)
NOTE:
https://github.com/rails/rails/security/advisories/GHSA-fwhr-88qx-h9g7
@@ -113463,7 +113462,6 @@ CVE-2021-46907
REJECTED
CVE-2024-26144 (Rails is a web-application framework. Starting with version
5.2.0, the ...)
- rails 2:7.2.2.1+dfsg-1 (bug #1065119)
- [bookworm] - rails <no-dsa> (Minor issue)
[bullseye] - rails <no-dsa> (Minor issue)
NOTE:
https://discuss.rubyonrails.org/t/possible-sensitive-session-information-leak-in-active-storage/84945
NOTE:
https://github.com/rails/rails/security/advisories/GHSA-8h22-8cf7-hq6g
@@ -145955,7 +145953,6 @@ CVE-2023-40316
- moodle <removed>
CVE-2023-38037 (ActiveSupport::EncryptedFile writes contents that will be
encrypted to ...)
- rails 2:7.2.2.1+dfsg-1 (bug #1051057)
- [bookworm] - rails <no-dsa> (Minor issue)
[bullseye] - rails <no-dsa> (Minor issue)
NOTE: https://github.com/advisories/GHSA-cr5q-6q9f-rq6q
NOTE:
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-38037.yml
@@ -169780,7 +169777,6 @@ CVE-2023-28363
RESERVED
CVE-2023-28362 (The redirect_to method in Rails allows provided values to
contain char ...)
- rails 2:7.2.2.1+dfsg-1 (bug #1051058)
- [bookworm] - rails <no-dsa> (Minor issue)
[bullseye] - rails <no-dsa> (Minor issue)
NOTE:
https://discuss.rubyonrails.org/t/cve-2023-28362-possible-xss-via-user-supplied-values-to-redirect-to/83132
NOTE:
https://github.com/rails/rails/commit/69e37c84e3f77d75566424c7d0015172d6a6fac5
(main)
=====================================
data/DSA/list
=====================================
@@ -1,3 +1,6 @@
+[17 Mar 2025] DSA-5881-1 rails - security update
+ {CVE-2023-28362 CVE-2023-38037 CVE-2024-26144 CVE-2024-28103
CVE-2024-41128 CVE-2024-47887 CVE-2024-47888 CVE-2024-47889 CVE-2024-54133}
+ [bookworm] - rails 2:6.1.7.10+dfsg-1~deb12u1
[17 Mar 2025] DSA-5880-1 freetype - security update
{CVE-2025-27363}
[bookworm] - freetype 2.12.1+dfsg-5+deb12u4
=====================================
data/dsa-needed.txt
=====================================
@@ -49,8 +49,6 @@ php-laravel-framework
python-django
Chris is working on it
--
-rails (jmm)
---
ring
--
rsync (carnil)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/360118256c0b9f3c7bc4e5c43ccdc1a826ede91f
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/360118256c0b9f3c7bc4e5c43ccdc1a826ede91f
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
