Your message dated Mon, 22 Aug 2016 18:04:33 +0000
with message-id <[email protected]>
and subject line Bug#834155: fixed in rails 2:4.2.7.1-1
has caused the Debian Bug report #834155,
regarding rails: CVE-2016-6316: Possible XSS Vulnerability in Action View
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
834155: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834155
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: rails
Version: 2:4.1.8-1
Severity: important
Tags: security upstream patch

Hi,

the following vulnerability was published for rails.

CVE-2016-6316[0]:
Possible XSS Vulnerability in Action View

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-6316
[1] http://seclists.org/oss-sec/2016/q3/260
[2] https://groups.google.com/forum/#!msg/rubyonrails-security/I-VWr034ouk/gGu2FrCwDAAJ

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: rails
Source-Version: 2:4.2.7.1-1

We believe that the bug you reported is fixed in the latest version of
rails, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Antonio Terceiro <[email protected]> (supplier of updated rails package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 22 Aug 2016 14:33:48 -0300
Source: rails
Binary: ruby-activesupport ruby-activerecord ruby-activemodel ruby-activejob ruby-actionview ruby-actionpack ruby-actionmailer ruby-railties ruby-rails rails
Architecture: source
Version: 2:4.2.7.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Ruby Extras Maintainers <[email protected]>
Changed-By: Antonio Terceiro <[email protected]>
Description:
 rails      - MVC ruby based framework geared for web application development (
 ruby-actionmailer - email composition, delivery, and receiving framework (part of Rai
 ruby-actionpack - web-flow and rendering framework putting the VC in MVC (part of R
 ruby-actionview - framework for handling view template lookup and rendering (part o
 ruby-activejob - job framework with pluggable queues
 ruby-activemodel - toolkit for building modeling frameworks (part of Rails)
 ruby-activerecord - object-relational mapper framework (part of Rails)
 ruby-activesupport - Support and utility classes used by the Rails 4.1 framework
 ruby-rails - MVC ruby based framework geared for web application development
 ruby-railties - tools for creating, working with, and running Rails applications
Closes: 834154 834155
Changes:
 rails (2:4.2.7.1-1) unstable; urgency=medium
 .
   * New upstream release; includes fixes for the following issues:
     - CVE-2016-6317: unsafe query generation in Active Record (Closes: #834154)
     - CVE-2016-6316: Possible XSS Vulnerability in Action View (Closes: #834155)
   * debian/watch: restrict to the 4.x series for now

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---