Package: rails
Version: 1.1.4-2
Severity: grave
Tags: security
Justification: user security hole

I wish I could give details here, but all I know is from <http://weblog.rubyonrails.org/2006/8/9/rails-1-1-5-mandatory-security-patch-and-other-tidbits> which says that Rails 1.1.5 fixes a "serious security concern" that's currently undisclosed. As such, I was torn on what severity to report at, but finally settled on grave as it doesn't sound like this is just a minor thing. Please accept my apologies if I'm overreacting based on too little already disclosed information.

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.15-1-amd64-k8-smp
Locale: LANG=C, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages rails depends on:
ii  libdbi-ruby1.8       0.0.23-3           Database Independent Interface for
ii  liberb-ruby          2.0.4+ruby1.8.2-1  Tiny eRuby
ii  libmysql-ruby1.8     2.7-1.1            MySQL module for Ruby 1.8
ii  libpgsql-ruby1.8     0.7.1-9            PostgreSQL extension library for r
ii  libredcloth-ruby1.8  3.0.4-1            Textile module for Ruby 1.8
ii  rake                 0.7.1-1            a ruby build program
ii  rdoc                 1.8.2-1            Generate documentation from ruby s
ii  ruby                 1.8.2-1            An interpreter of object-oriented
ii  ruby1.8              1.8.4-5            Interpreter of object-oriented scr

Versions of packages rails recommends:
ii  irb                  1.8.2-1            Interactive Ruby (irb)

-- no debconf information