Your message dated Wed, 01 Jun 2011 01:54:03 +0000
with message-id <[email protected]>
and subject line Bug#614864: fixed in rails 2.3.5-1.2+squeeze0.1
has caused the Debian Bug report #614864,
regarding CVE-2011-0446 and CVE-2011-0447
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
614864: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614864
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: rails
Severity: grave
Tags: security
Please see
http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4
Cheers,
Moritz
-- System Information:
Debian Release: 6.0
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.37-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--- End Message ---
--- Begin Message ---
Source: rails
Source-Version: 2.3.5-1.2+squeeze0.1
We believe that the bug you reported is fixed in the latest version of
rails, which is due to be installed in the Debian FTP archive:
libactionmailer-ruby1.8_2.3.5-1.2+squeeze0.1_all.deb
to main/r/rails/libactionmailer-ruby1.8_2.3.5-1.2+squeeze0.1_all.deb
libactionmailer-ruby_2.3.5-1.2+squeeze0.1_all.deb
to main/r/rails/libactionmailer-ruby_2.3.5-1.2+squeeze0.1_all.deb
libactionpack-ruby1.8_2.3.5-1.2+squeeze0.1_all.deb
to main/r/rails/libactionpack-ruby1.8_2.3.5-1.2+squeeze0.1_all.deb
libactionpack-ruby_2.3.5-1.2+squeeze0.1_all.deb
to main/r/rails/libactionpack-ruby_2.3.5-1.2+squeeze0.1_all.deb
libactiverecord-ruby1.8_2.3.5-1.2+squeeze0.1_all.deb
to main/r/rails/libactiverecord-ruby1.8_2.3.5-1.2+squeeze0.1_all.deb
libactiverecord-ruby1.9.1_2.3.5-1.2+squeeze0.1_all.deb
to main/r/rails/libactiverecord-ruby1.9.1_2.3.5-1.2+squeeze0.1_all.deb
libactiverecord-ruby_2.3.5-1.2+squeeze0.1_all.deb
to main/r/rails/libactiverecord-ruby_2.3.5-1.2+squeeze0.1_all.deb
libactiveresource-ruby1.8_2.3.5-1.2+squeeze0.1_all.deb
to main/r/rails/libactiveresource-ruby1.8_2.3.5-1.2+squeeze0.1_all.deb
libactiveresource-ruby_2.3.5-1.2+squeeze0.1_all.deb
to main/r/rails/libactiveresource-ruby_2.3.5-1.2+squeeze0.1_all.deb
libactivesupport-ruby1.8_2.3.5-1.2+squeeze0.1_all.deb
to main/r/rails/libactivesupport-ruby1.8_2.3.5-1.2+squeeze0.1_all.deb
libactivesupport-ruby1.9.1_2.3.5-1.2+squeeze0.1_all.deb
to main/r/rails/libactivesupport-ruby1.9.1_2.3.5-1.2+squeeze0.1_all.deb
libactivesupport-ruby_2.3.5-1.2+squeeze0.1_all.deb
to main/r/rails/libactivesupport-ruby_2.3.5-1.2+squeeze0.1_all.deb
rails-doc_2.3.5-1.2+squeeze0.1_all.deb
to main/r/rails/rails-doc_2.3.5-1.2+squeeze0.1_all.deb
rails-ruby1.8_2.3.5-1.2+squeeze0.1_all.deb
to main/r/rails/rails-ruby1.8_2.3.5-1.2+squeeze0.1_all.deb
rails_2.3.5-1.2+squeeze0.1.debian.tar.gz
to main/r/rails/rails_2.3.5-1.2+squeeze0.1.debian.tar.gz
rails_2.3.5-1.2+squeeze0.1.dsc
to main/r/rails/rails_2.3.5-1.2+squeeze0.1.dsc
rails_2.3.5-1.2+squeeze0.1_all.deb
to main/r/rails/rails_2.3.5-1.2+squeeze0.1_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Ondřej Surý <[email protected]> (supplier of updated rails package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 30 May 2011 09:43:10 +0200
Source: rails
Binary: rails rails-ruby1.8 rails-doc libactiverecord-ruby
libactiverecord-ruby1.8 libactiverecord-ruby1.9.1 libactivesupport-ruby
libactivesupport-ruby1.8 libactivesupport-ruby1.9.1 libactionpack-ruby
libactionpack-ruby1.8 libactionmailer-ruby libactionmailer-ruby1.8
libactiveresource-ruby libactiveresource-ruby1.8
Architecture: source all
Version: 2.3.5-1.2+squeeze0.1
Distribution: stable-security
Urgency: low
Maintainer: Adam Majer <[email protected]>
Changed-By: Ondřej Surý <[email protected]>
Description:
libactionmailer-ruby - Framework for generation of customized email messages
libactionmailer-ruby1.8 - Framework for generation of customized email messages
libactionpack-ruby - Controller and View framework used by Rails
libactionpack-ruby1.8 - Controller and View framework used by Rails
libactiverecord-ruby - ORM database interface for ruby
libactiverecord-ruby1.8 - ORM database interface for ruby
libactiverecord-ruby1.9.1 - ORM database interface for ruby
libactiveresource-ruby - Connects objects and REST web services
libactiveresource-ruby1.8 - Connects objects and REST web services
libactivesupport-ruby - utility classes and extensions (Ruby 1.8)
libactivesupport-ruby1.8 - utility classes and extensions (Ruby 1.8)
libactivesupport-ruby1.9.1 - utility classes and extensions (Ruby 1.8)
rails - MVC ruby based framework geared for web application development
rails-doc - Documentation for rails, a MVC ruby based framework
rails-ruby1.8 - MVC ruby based framework geared for web application development
Closes: 614864
Changes:
rails (2.3.5-1.2+squeeze0.1) stable-security; urgency=low
.
* Non-maintainer upload.
* Fix CVE-2011-0446: Be sure to javascript_escape the email address to
prevent apostrophes inadvertently causing javascript errors.
* Fix CVE-2011-0447: Change the CSRF whitelisting to only apply to get
requests (Closes: #614864)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk3jh3QACgkQ9OZqfMIN8nOU+wCgqbC7j9wZ9TTsT7Zi/tZokHox
poQAniHBSIzEW/ExfGZN/aV7PSXkmckY
=qMdb
-----END PGP SIGNATURE-----
--- End Message ---