Michael S. Gilbert wrote:
> package: rails
> version: 1.1.6-3
> severity: serious
> tags: security
>
> hello,
>
> it has been found that rails is vulnerable to a password bypass [1]. this
> will be fixed in upstream version 2.3.3.
>
> [1] http://weblog.rubyonrails.org/2009/6/3/security-problem-with-authenticate_with_http_digest

Rails 2.2.2 doesn't have digest HTTP authentication. I've looked at the function in rails and I don't see the problem. Certainly this is not a problem with version 1.1.6.

The issue is with the Rails 2.3.x branch, AFAIK. Please let me know if I'm wrong.

- Adam