package: rails
version: 2.2.3-1
severity: serious
tags: security

hi,

two security vulnerabilities have been disclosed for rails:

1. xss (http://www.openwall.com/lists/oss-security/2009/11/27/2) - note claimed fixed in version 2.3.5; please check.
2. cross-site request forgery (http://www.openwall.com/lists/oss-security/2009/11/28/1) - note claimed fixed in version 2.2.2, which is already in sid, but please check to confirm this is true.

etch/lenny are likely affected, but i haven't personally checked. please determine whether this is true. if they are affected, these issues seem severe enough to issue a DSA, so please work with the security team on that.

thanks,
mike