On Tue, Jan 15, 2013 at 04:35:23PM +0100, Arends, R.R. wrote:
> > On Tue, Jan 15, 2013 at 09:29:19AM +0100, Arends, R.R. wrote:
> >> Hi there,
> >>
> >> thanks for the debian package. Saves me a lot of trouble.
> >> But now with the vulnerability in it, i'm trying to patch/update it...
> >> Any chance you will be updating it shortly to the latest version without
> >> the vulnerability?
> >
> > All of the Rails packages in Debian are properly updated with the fixes
> > for the recently disclosed vulnerabilities.
> >
> > --
> > Antonio Terceiro <[email protected]>
>
> Antonio thanks for your reply.
> But when searching on:
> http://packages.debian.org/search?keywords=rails3&searchon=names&suite=all&section=all
> I only see 3.2.6-1 for example.
> With this as the changelog:
> http://packages.debian.org/changelogs/pool/main/r/ruby-rails-3.2/ruby-rails-3.2_3.2.6-1/changelog
> 24 jun 2012...
>
> Am i looking it up wrong?
> # dpkg -l |grep rails3
> ii rails3 3.2.6-1 all
> MVC ruby based framework geared for web application development
>
> http://weblog.rubyonrails.org/2013/1/8/Rails-3-2-11-3-1-10-3-0-19-and-2-3-15-have-been-released/
> Mentions 3.2.11 as the version where the fix is in.

Debian is currently in freeze, so we do not upload new upstream versions. Instead, we apply the specific fixes for security problems over the existing packages, so the upstream part of their version numbers will not increase.

Besides, since rails3 is a meta package which depends on the packages for the various components of Rails, and the fixes for those security problems were in their respective components, no upgrade of the rails3 package itself was necessary.

http://www.debian.org/security/2013/dsa-2597
http://www.debian.org/security/2013/dsa-2604

--
Antonio Terceiro <[email protected]>
_______________________________________________
Pkg-ruby-extras-maintainers mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-ruby-extras-maintainers
