• Accepted rails 2:6.0.3.7+dfsg-2+deb11u1 (source) into proposed-updates

    From Debian FTP Masters@21:1/5 to All on Wed Mar 15 21:40:01 2023
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256

    Format: 1.8
    Date: Sat, 11 Mar 2023 14:53:57 +0800
    Source: rails
    Architecture: source
    Version: 2:6.0.3.7+dfsg-2+deb11u1
    Distribution: bullseye-security
    Urgency: high
    Maintainer: Debian Ruby Team <pkg-ruby-extras-maintainers@lists.alioth.debian.org>
    Changed-By: Aron Xu <aron@debian.org>
    Changes:
    rails (2:6.0.3.7+dfsg-2+deb11u1) bullseye-security; urgency=high
    .
    * Non-maintainer upload by the Security Team.
    * CVE-2021-22942: possible open redirect vulnerability in the Host
      Authorization middleware.
    * CVE-2021-44528: specially crafted "X-Forwarded-Host" headers in
      combination with certain "allowed host" formats can lead to
      redirection of users to a malicious website.
    * CVE-2022-21831: code injection in Active Storage.
    * CVE-2022-22577: XSS in Action Pack which can lead to bypass CSP
      for non HTML like responses.
    * CVE-2022-23633: thread local state for the next request may not be
      reset when the response body has been fully closed.
    * CVE-2022-27777: XSS in Action View which can lead to content
      injection.
    * CVE-2023-22792: regular expression based DoS with specially crafted
      cookies and X_FORWARDED_HOST headers.
    * CVE-2023-22794: malicious user input may be sent to the database
      with insufficient sanitization and be able to inject SQL outside of
      the comment.
    * CVE-2023-22795: regular expression based DoS related to crafted
      If-None-Match header.
    * CVE-2023-22796: regular expression based DoS related to the
      underscore method.
    Checksums-Sha1:
    b541e3209e3650a2ca95b26f0d76b550ddde085f 4492 rails_6.0.3.7+dfsg-2+deb11u1.dsc
    c93bf6d051c280503aea30877f686f20c5118483 13967752 rails_6.0.3.7+dfsg.orig.tar.xz
    639f5aa7352e446c9f42fb2dc2fd0c85531e791d 113984 rails_6.0.3.7+dfsg-2+deb11u1.debian.tar.xz
    db9f3028c631454624bb900e5dde5105e9d217ab 9072 rails_6.0.3.7+dfsg-2+deb11u1_source.buildinfo
    Checksums-Sha256:
    a90366baf4c11ba2d9face895c783f06f7075b0da5a81131f8882b0ace03384a 4492 rails_6.0.3.7+dfsg-2+deb11u1.dsc
    f1adfb152227b0b840a85f3c326db91191149021adb2c5afbed99c6d32a94582 13967752 rails_6.0.3.7+dfsg.orig.tar.xz
    6f5a471ad04622fda041ac8241111d88730d8e934a8d01cb26470209e7cd30dd 113984 rails_6.0.3.7+dfsg-2+deb11u1.debian.tar.xz
    a1253e2781690625ddbf4039c7f85b822d89ed89970f37d7e090ea5ab5346e90 9072 rails_6.0.3.7+dfsg-2+deb11u1_source.buildinfo
    Files:
    288481e447229dc6e73ecf4b728b336b 4492 ruby optional rails_6.0.3.7+dfsg-2+deb11u1.dsc
    9a2058e157560ede7b3a206d6f521d84 13967752 ruby optional rails_6.0.3.7+dfsg.orig.tar.xz
    9a682a00d1d058af4e97f4e50528be44 113984 ruby optional rails_6.0.3.7+dfsg-2+deb11u1.debian.tar.xz
    7f853c4d418e73231343051a7965c3fb 9072 ruby optional rails_6.0.3.7+dfsg-2+deb11u1_source.buildinfo

