Your message dated Fri, 11 Jun 2021 09:47:17 +0000
with message-id <e1lrdkz-000bo7...@fasolo.debian.org>
and subject line Bug#988214: fixed in rails 2:5.2.2.1+dfsg-1+deb10u3
has caused the Debian Bug report #988214,
regarding CVE-2021-22885 CVE-2021-22902 CVE-2021-22904
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
988214: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988214
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: rails
Severity: grave
Tags: security
X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>

CVE-2021-22904:
https://github.com/rails/rails/commit/d861fa8ade353390c4419b53a6c6b41f3005b1f2 (v6.0.3.7)

CVE-2021-22902:
Fixed by: https://github.com/rails/rails/commit/446afbd15360a347c923ca775b21a286dcb5297a (v6.0.3.7)

CVE-2021-22885:
https://github.com/rails/rails/commit/f202249bdd701f908a57d733e633d366a982f8ce (v6.0.3.7)

Cheers,
        Moritz  

--- End Message ---
--- Begin Message ---
Source: rails
Source-Version: 2:5.2.2.1+dfsg-1+deb10u3
Done: Utkarsh Gupta <utka...@debian.org>

We believe that the bug you reported is fixed in the latest version of
rails, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 988...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Utkarsh Gupta <utka...@debian.org> (supplier of updated rails package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 06 Jun 2021 18:26:33 +0530
Source: rails
Binary: rails ruby-actioncable ruby-actionmailer ruby-actionpack ruby-actionview ruby-activejob ruby-activemodel ruby-activerecord ruby-activestorage ruby-activesupport ruby-rails ruby-railties
Architecture: source all
Version: 2:5.2.2.1+dfsg-1+deb10u3
Distribution: buster-security
Urgency: high
Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintain...@lists.alioth.debian.org>
Changed-By: Utkarsh Gupta <utka...@debian.org>
Description:
 rails      - MVC ruby based framework geared for web application development (
 ruby-actioncable - WebSocket framework for Rails (part of Rails)
 ruby-actionmailer - email composition, delivery, and receiving framework (part of Rai
 ruby-actionpack - web-flow and rendering framework putting the VC in MVC (part of R
 ruby-actionview - framework for handling view template lookup and rendering (part o
 ruby-activejob - job framework with pluggable queues
 ruby-activemodel - toolkit for building modeling frameworks (part of Rails)
 ruby-activerecord - object-relational mapper framework (part of Rails)
 ruby-activestorage - Local and cloud file storage framework (part of Rails)
 ruby-activesupport - Support and utility classes used by the Rails 4.1 framework
 ruby-rails - MVC ruby based framework geared for web application development
 ruby-railties - tools for creating, working with, and running Rails applications
Closes: 988214
Changes:
 rails (2:5.2.2.1+dfsg-1+deb10u3) buster-security; urgency=high
 .
   * Add patch to prevent string polymorphic route
     arguments. (Fixes: CVE-2021-22885) (Closes: #988214)
   * Add patch to prevent slow regex when parsing host auth
     header. (Fixes: CVE-2021-22904) (Closes: #988214)
   * Add patch to fix possible DoS vector in PostgreSQL
     money type. (Fixes: CVE-2021-22880)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
