Your message dated Tue, 19 Mar 2019 07:19:43 +0000
with message-id <[email protected]>
and subject line Bug#924521: fixed in rails 2:5.2.2.1+dfsg-1
has caused the Debian Bug report #924521,
regarding rails: CVE-2019-5420
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
924521: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924521
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: rails
Version: 2:5.2.2+dfsg-6
Severity: important
Tags: security upstream
Control: found -1 2:5.2.2+dfsg-5
Hi,
The following vulnerability was published for rails.
CVE-2019-5420[0]:
Possible Remote Code Execution Exploit in Rails Development Mode
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2019-5420
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5420
[1] https://www.openwall.com/lists/oss-security/2019/03/13/3
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: rails
Source-Version: 2:5.2.2.1+dfsg-1
We believe that the bug you reported is fixed in the latest version of
rails, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Utkarsh Gupta <[email protected]> (supplier of updated rails package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 17 Mar 2019 17:44:07 +0530
Source: rails
Binary: ruby-activesupport ruby-activerecord ruby-activemodel ruby-activejob
ruby-actionview ruby-actionpack ruby-actionmailer ruby-actioncable
ruby-activestorage ruby-railties ruby-rails rails
Architecture: source
Version: 2:5.2.2.1+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Ruby Extras Maintainers <[email protected]>
Changed-By: Utkarsh Gupta <[email protected]>
Description:
rails - MVC ruby based framework geared for web application development (
ruby-actioncable - WebSocket framework for Rails (part of Rails)
ruby-actionmailer - email composition, delivery, and receiving framework (part of Rai
ruby-actionpack - web-flow and rendering framework putting the VC in MVC (part of R
ruby-actionview - framework for handling view template lookup and rendering (part o
ruby-activejob - job framework with pluggable queues
ruby-activemodel - toolkit for building modeling frameworks (part of Rails)
ruby-activerecord - object-relational mapper framework (part of Rails)
ruby-activestorage - Local and cloud file storage framework (part of Rails)
ruby-activesupport - Support and utility classes used by the Rails 4.1 framework
ruby-rails - MVC ruby based framework geared for web application development
ruby-railties - tools for creating, working with, and running Rails applications
Closes: 924520 924521
Changes:
rails (2:5.2.2.1+dfsg-1) unstable; urgency=medium
.
* Team upload
* New upstream version 5.2.2.1+dfsg (Closes: #924520, #924521)
(Fixes: CVE-2019-5418 CVE-2019-5419, CVE-2019-5420)
* Drop unused override
* Remove duplicate Depends entry for rake
* Add d/upstream/metadata
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---