Your message dated Sat, 20 Apr 2019 21:47:09 +0000
with message-id <e1hhxpf-000dfc...@fasolo.debian.org>
and subject line Bug#924520: fixed in rails 2:4.2.7.1-1+deb9u1
has caused the Debian Bug report #924520,
regarding rails: CVE-2019-5418 CVE-2019-5419
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
924520: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924520
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: rails
Version: 2:5.2.2+dfsg-6
Severity: important
Tags: security upstream
Control: found -1 2:5.2.2+dfsg-5
Control: found -1 2:4.2.7.1-1

Hi,

The following vulnerabilities were published for rails.

CVE-2019-5418[0]:
File Content Disclosure in Action View

CVE-2019-5419[1]:
Denial of Service Vulnerability in Action View

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-5418
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5418
[1] https://security-tracker.debian.org/tracker/CVE-2019-5419
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5419
[2] https://www.openwall.com/lists/oss-security/2019/03/13/5
[3] https://www.openwall.com/lists/oss-security/2019/03/13/4

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: rails
Source-Version: 2:4.2.7.1-1+deb9u1

We believe that the bug you reported is fixed in the latest version of
rails, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 924...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Mühlenhoff <j...@debian.org> (supplier of updated rails package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 18 Apr 2019 20:48:13 +0200
Source: rails
Binary: ruby-activesupport ruby-activerecord ruby-activemodel ruby-activejob ruby-actionview ruby-actionpack ruby-actionmailer ruby-railties ruby-rails rails
Architecture: source all
Version: 2:4.2.7.1-1+deb9u1
Distribution: stretch
Urgency: medium
Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintain...@lists.alioth.debian.org>
Changed-By: Moritz Mühlenhoff <j...@debian.org>
Description:
 rails      - MVC ruby based framework geared for web application development (
 ruby-actionmailer - email composition, delivery, and receiving framework (part of Rai
 ruby-actionpack - web-flow and rendering framework putting the VC in MVC (part of R
 ruby-actionview - framework for handling view template lookup and rendering (part o
 ruby-activejob - job framework with pluggable queues
 ruby-activemodel - toolkit for building modeling frameworks (part of Rails)
 ruby-activerecord - object-relational mapper framework (part of Rails)
 ruby-activesupport - Support and utility classes used by the Rails 4.1 framework
 ruby-rails - MVC ruby based framework geared for web application development
 ruby-railties - tools for creating, working with, and running Rails applications
Closes: 914847 924520
Changes:
 rails (2:4.2.7.1-1+deb9u1) stretch; urgency=medium
 .
   * CVE-2018-16476 (Closes: #914847)
   * CVE-2019-5418 / CVE-2019-5419 (Closes: #924520)


--- End Message ---
