-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun, 14 Oct 2007 21:12:34 -0500
Source: rails
Binary: rails
Architecture: source all
Version: 1.2.5-1
Distribution: unstable
Urgency: high
Maintainer: Adam Majer <[EMAIL PROTECTED]>
Changed-By: Adam Majer <[EMAIL PROTECTED]>
Description:
 rails - MVC ruby based framework geared for web application development
Changes:
 rails (1.2.5-1) unstable; urgency=high
 .
   * This is a new upstream release that addresses problems not corrected in
     1.2.4 or regressions.
      + to_json XSS [CVE-2007-3227] is really closed now
      + Potential Information Disclosure or DoS with Hash#from_xml
        [CVE-2007-5379]
      + Session Fixation attacks. [CVE-2007-5380]
        URL based sessions are now disabled by default. Session ids are only
        accepted from cookies by default now.
        [Micah Anderson]
   * Urgency set to high due to security issues addressed
Files:
 8969b125be7449232c9f00af1cfcdc01 607 web optional rails_1.2.5-1.dsc
 f3504e64530737fe20b0531a1fd3c456 1598999 web optional rails_1.2.5.orig.tar.gz
 a4fbc6914535d2eaddf0a1dbb7950ffa 27432 web optional rails_1.2.5-1.diff.gz
 4f356d07837d6d4c22bd76254496e2c7 2286106 web optional rails_1.2.5-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHO5CD9n4qXRzy1ioRAsDjAKClpPaYMPOU1w8C8tKDtQUe6d44DwCfS7Yf
6HN3zowbrfSKXtnHjiomYys=
=s1O3
-----END PGP SIGNATURE-----

Accepted:
rails_1.2.5-1.diff.gz
  to pool/main/r/rails/rails_1.2.5-1.diff.gz
rails_1.2.5-1.dsc
  to pool/main/r/rails/rails_1.2.5-1.dsc
rails_1.2.5-1_all.deb
  to pool/main/r/rails/rails_1.2.5-1_all.deb
rails_1.2.5.orig.tar.gz
  to pool/main/r/rails/rails_1.2.5.orig.tar.gz