Your message dated Wed, 01 Jul 2020 12:05:03 +0000
with message-id <e1jqbu7-000i2f...@fasolo.debian.org>
and subject line Bug#964081: fixed in rails 2:6.0.3.2+dfsg-1
has caused the Debian Bug report #964081,
regarding rails: CVE-2020-8185: Untrusted users able to run pending migrations
in production
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
964081: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964081
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: rails
Version: 2:6.0.3.1+dfsg-1
Severity: grave
Tags: security upstream
Hi
For details please see
https://groups.google.com/g/rubyonrails-security/c/pAe9EV8gbM0
It only affects experimental. To make sure it does not migrate unfixed
to unstable, using an RC severity here.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: rails
Source-Version: 2:6.0.3.2+dfsg-1
Done: Utkarsh Gupta <utka...@debian.org>
We believe that the bug you reported is fixed in the latest version of
rails, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 964...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Utkarsh Gupta <utka...@debian.org> (supplier of updated rails package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 01 Jul 2020 17:12:45 +0530
Source: rails
Architecture: source
Version: 2:6.0.3.2+dfsg-1
Distribution: experimental
Urgency: medium
Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintain...@lists.alioth.debian.org>
Changed-By: Utkarsh Gupta <utka...@debian.org>
Closes: 964081
Changes:
 rails (2:6.0.3.2+dfsg-1) experimental; urgency=medium
 .
   * New upstream version 6.0.3.2+dfsg
     - Fixes CVE-2020-8185: Untrusted users able to run pending
       migrations in production (Closes: 964081)
   * Refresh d/patches
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---