Your message dated Sat, 30 Jan 2010 22:48:03 +0000
with message-id <e1nbm6l-0005xp...@ries.debian.org>
and subject line Bug#558685: fixed in rails 2.2.3-2
has caused the Debian Bug report #558685,
regarding rails: multiple vulnerabilities
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
558685: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558685
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
package: rails
version: 2.2.3-1
severity: serious
tags: security
hi,
two security vulnerabilities have been disclosed for rails:
1. xss (http://www.openwall.com/lists/oss-security/2009/11/27/2)
   - note claimed fixed in version 2.3.5; please check.
2. cross-site request forgery
   (http://www.openwall.com/lists/oss-security/2009/11/28/1)
   - note claimed fixed in version 2.2.2, which is already in sid, but
     please check to confirm this is true.
etch/lenny are likely affected, but I haven't personally checked. please
determine whether this is true. if they are affected, these issues seem
severe enough to issue a DSA, so please work with the security team on
that.
thanks,
mike
--- End Message ---
--- Begin Message ---
Source: rails
Source-Version: 2.2.3-2
We believe that the bug you reported is fixed in the latest version of
rails, which is due to be installed in the Debian FTP archive:
rails_2.2.3-2.diff.gz
to main/r/rails/rails_2.2.3-2.diff.gz
rails_2.2.3-2.dsc
to main/r/rails/rails_2.2.3-2.dsc
rails_2.2.3-2_all.deb
to main/r/rails/rails_2.2.3-2_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 558...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Adam Majer <ad...@zombino.com> (supplier of updated rails package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
Format: 1.8
Date: Sat, 30 Jan 2010 15:43:08 -0600
Source: rails
Binary: rails
Architecture: source all
Version: 2.2.3-2
Distribution: unstable
Urgency: high
Maintainer: Adam Majer <ad...@zombino.com>
Changed-By: Adam Majer <ad...@zombino.com>
Description:
rails - MVC ruby based framework geared for web application development
Closes: 558685
Changes:
rails (2.2.3-2) unstable; urgency=high
.
* Make sure strip_tags removes tags which start with a non-printable
character. (closes: #558685) [CVE-2009-4214]
* Merge in a few additional encoding changes.
--- End Message ---
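The changelog entry in the close message (strip_tags not removing tags that start with a non-printable character, CVE-2009-4214) reduced to its essence, as an added example that is not Rails' own sanitizer code: a naive regex-based filter beside a hardened one that normalises ASCII control characters before matching. The regexes, function names and sample inputs are assumptions; real Rails used an HTML tokenizer rather than a regex, but the failure mode is the same.

```ruby
# Added example, not Rails' own code: a simplified strip_tags that shows why
# a tag whose name begins with a non-printable character slips past a naive
# tag filter, next to a hardened variant that normalises such bytes first.

# Naive rule: a tag is '<', an optional '/', a letter, then anything up to '>'.
TAG_RE = %r{</?[A-Za-z][^>]*>}

# ASCII control characters other than tab, LF and CR. None of them belong in
# HTML text, and a filter that does not expect them will not see "<\x08b>" as a tag.
CONTROL_CHARS_RE = /[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]/

# Vulnerable form: the filter only recognises tags whose name starts right
# after '<', so "<\x08b>" (backspace before the name) is left in the output.
def naive_strip_tags(html)
  html.gsub(TAG_RE, "")
end

# Hardened form: drop control characters first, so the filter sees "<b>"
# and removes it. This mirrors the intent of the changelog entry above.
def hardened_strip_tags(html)
  html.gsub(CONTROL_CHARS_RE, "").gsub(TAG_RE, "")
end

# True if anything that still looks like the start of a tag survived.
def leaks_markup?(text)
  text.include?("<")
end

# Constructed inputs; \x08 is a backspace placed before the tag name.
SAMPLES = {
  "ordinary tag"         => "<b>bold</b> text",
  "control-prefixed tag" => "<\x08b>bold</b> text",
}

# Run both filters over the samples so the outputs can be compared side by side.
def compare_filters(samples = SAMPLES)
  samples.transform_values do |html|
    {
      naive:    naive_strip_tags(html),
      hardened: hardened_strip_tags(html),
    }
  end
end

if $PROGRAM_NAME == __FILE__
  compare_filters.each do |name, out|
    puts "#{name}: naive=#{out[:naive].inspect} leaks=#{leaks_markup?(out[:naive])} " \
         "hardened=#{out[:hardened].inspect}"
  end
end
```

A regression test for a sanitizer should therefore include tag names prefixed with each control byte, not only well-formed tags.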