Your message dated Fri, 11 Sep 2020 05:18:29 +0000
with message-id <[email protected]>
and subject line Bug#970040: fixed in rails 2:6.0.3.3+dfsg-1
has caused the Debian Bug report #970040,
regarding rails: CVE-2020-15169
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
970040: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970040
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: rails
Version: 2:6.0.3.2+dfsg-11
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for rails.

CVE-2020-15169[0]:
| Cross-site scripting in translation helpers

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-15169
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169
[1] https://groups.google.com/g/rubyonrails-security/c/b-C9kSGXYrc?pli=1
[2] https://github.com/rails/rails/commit/e663f084460ea56c55c3dc76f78c7caeddeeb02e

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: rails
Source-Version: 2:6.0.3.3+dfsg-1
Done: Utkarsh Gupta <[email protected]>

We believe that the bug you reported is fixed in the latest version of
rails, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Utkarsh Gupta <[email protected]> (supplier of updated rails package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 11 Sep 2020 09:32:28 +0530
Source: rails
Architecture: source
Version: 2:6.0.3.3+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Ruby Team <[email protected]>
Changed-By: Utkarsh Gupta <[email protected]>
Closes: 970040
Changes:
 rails (2:6.0.3.3+dfsg-1) unstable; urgency=medium
 .
   [ Cédric Boutillier ]
   * [ci skip] Update team name
   * [ci skip] Add .gitattributes to keep unwanted files out of the
     source package
 .
   [ Utkarsh Gupta ]
   * New upstream version 6.0.3.3+dfsg
     - Ensure values directly from `options[:default]` are not marked
       as `html_safe`. (Fixes: CVE-2020-15169) (Closes: #970040)


--- End Message ---
_______________________________________________
Pkg-ruby-extras-maintainers mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-ruby-extras-maintainers
