rails: compatibility improvement

Sylvain Beucler (@beuc) Tue, 05 May 2026 01:00:08 -0700


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
843f225e by Sylvain Beucler at 2026-05-05T09:59:42+02:00
CVE-2022-32224/rails: compatibility improvement

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -397764,6 +397764,18 @@ CVE-2022-32224 (A possible escalation to RCE 
vulnerability exists when using YAM
        NOTE: Psych 4.0 redirects 'YAML.load' from 'YAML.unsafe_load' to 
'YAML.safe_load'; 'unsafe_load' introduced in 3.3.2.
        NOTE: "This may introduce backwards compatibility issues with existing 
data."
        NOTE: https://lists.debian.org/debian-lts/2022/09/msg00004.html
+       NOTE: Adding 'Symbol' to 'yaml_column_permitted_classes' by default:
+       NOTE: 
https://github.com/rails/rails/commit/fbb7f0b407c96cb38fba6b2e8cb8ce12252738da 
(v6.1.7)
+       NOTE: 
https://github.com/rails/rails/commit/6a421e4a6a16eacfb7444108fd24c33d11cdd0a7 
(v6.1.7)
+       NOTE: 
https://github.com/rails/rails/commit/b521e2ecfc1f94b2d594f9ba9c5fa80b1c58566e 
(v6.0.6)
+       NOTE: 
https://github.com/rails/rails/commit/aa5cac1c960190829be7c5e9441d9c07ac2ede69 
(5-2-stable)
+       NOTE: Performance follow-up:
+       NOTE: 
https://github.com/rails/rails/commit/efc58abc8860a4901393e69361a216203cb21043 
(v6.1.7)
+       NOTE: 
https://github.com/rails/rails/commit/f69034d94868e58c83aeb4125dad80531b74efd4 
(v6.1.7)
+       NOTE: 
https://github.com/rails/rails/commit/9db14db093d2065a50ed1f14e70f78d35810e05a 
(v6.0.6)
+       NOTE: 
https://github.com/rails/rails/commit/a5f27f6ace95e07ae30b6d92e71cb35f891d9b1a 
(v6.0.6)
+       NOTE: 
https://github.com/rails/rails/commit/5436676014340247ee4e53ecd2c71cab34059383 
(5-2-stable)
+       NOTE: 
https://github.com/rails/rails/commit/21cd60ee88c413b2a58552c4b31c4d9e8c17f4eb 
(5-2-stable)
 CVE-2022-32223 (Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking 
under ce ...)
        - nodejs <not-affected> (Only affects Windows)
        NOTE: 
https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/#dll-hijacking-on-windows-high-cve-2022-32223



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/843f225e6e9913a2bada97e5bbe09ef36baf8abd

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/843f225e6e9913a2bada97e5bbe09ef36baf8abd
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] CVE-2022-32224/rails: compatibility improvement

Reply via email to