Your message dated Wed, 29 Jul 2020 16:02:40 +0530
with message-id <[email protected]>
and subject line close already fixed bug
has caused the Debian Bug report #960680,
regarding ruby-actionpack-page-caching: CVE-2020-8159
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
960680: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960680
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: ruby-actionpack-page-caching
Version: 1.1.0-1
Severity: grave
Tags: security upstream
Hi,
The following vulnerability was published for ruby-actionpack-page-caching.
CVE-2020-8159[0]:
| There is a vulnerability in actionpack_page-caching gem < v1.2.1
| that allows an attacker to write arbitrary files to a web server,
| potentially resulting in remote code execution if the attacker can
| write unescaped ERB to a view.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2020-8159
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8159
[1] https://groups.google.com/forum/#!topic/rubyonrails-security/CFRVkEytdP8
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Fixed in version ruby-actionpack-page-caching/1.2.2-1
--- End Message ---
_______________________________________________
Pkg-ruby-extras-maintainers mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-ruby-extras-maintainers
