Package: rails Version: 2.3.14 Hi,
according to http://weblog.rubyonrails.org/2011/6/8/ann-rails-2-3-12-has-been-released the rails-2.3 is only vulnerable if the rails_xss plugin is installed. The rails package in Debian doesn't install this plugin by default therefore the package in Debian in not vulnerable. O. -- System Information: Debian Release: 6.0.2 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages rails depends on: ii rails-ruby1.8 2.3.5-1.2+squeeze0.1 MVC ruby based framework geared fo rails recommends no packages. rails suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
