Your message dated Sun, 28 Aug 2016 12:48:05 +0000
with message-id <[email protected]>
and subject line Bug#834155: fixed in rails 2:4.1.8-1+deb8u3
has caused the Debian Bug report #834155,
regarding rails: CVE-2016-6316: Possible XSS Vulnerability in Action View
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
834155: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834155
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: rails
Version: 2:4.1.8-1
Severity: important
Tags: security upstream patch
Hi,
the following vulnerability was published for rails.
CVE-2016-6316[0]:
Possible XSS Vulnerability in Action View
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-6316
[1] http://seclists.org/oss-sec/2016/q3/260
[2] https://groups.google.com/forum/#!msg/rubyonrails-security/I-VWr034ouk/gGu2FrCwDAAJ
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: rails
Source-Version: 2:4.1.8-1+deb8u3
We believe that the bug you reported is fixed in the latest version of
rails, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Antonio Terceiro <[email protected]> (supplier of updated rails package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 22 Aug 2016 13:35:11 -0300
Source: rails
Binary: ruby-activesupport ruby-activesupport-2.3 ruby-activerecord
ruby-activemodel ruby-actionview ruby-actionpack ruby-actionmailer
ruby-railties ruby-rails rails
Architecture: source all
Version: 2:4.1.8-1+deb8u3
Distribution: jessie-security
Urgency: high
Maintainer: Debian Ruby Extras Maintainers <[email protected]>
Changed-By: Antonio Terceiro <[email protected]>
Description:
rails - MVC ruby based framework geared for web application development (
ruby-actionmailer - email composition, delivery, and receiving framework (part of Rai
ruby-actionpack - web-flow and rendering framework putting the VC in MVC (part of R
ruby-actionview - framework for handling view template lookup and rendering (part o
ruby-activemodel - toolkit for building modeling frameworks (part of Rails)
ruby-activerecord - object-relational mapper framework (part of Rails)
ruby-activesupport - Support and utility classes used by the Rails 4.1 framework
ruby-activesupport-2.3 - transitional dummy package
ruby-rails - MVC ruby based framework geared for web application development
ruby-railties - tools for creating, working with, and running Rails applications
Closes: 834155
Changes:
rails (2:4.1.8-1+deb8u3) jessie-security; urgency=high
.
* Security update
* CVE-2016-6316: Possible XSS Vulnerability in Action View
(Closes: Bug#834155)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---