Your message dated Mon, 20 Jun 2022 21:31:57 +0200
with message-id <[email protected]>
and subject line Accepted rails 2:6.1.4.7+dfsg-1 (source) into unstable
has caused the Debian Bug report #1011940,
regarding rails: CVE-2022-21831 code injection vulnerability exists in Active Storage
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1011940: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011940
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: rails
Version: 2:6.1.4.6+dfsg-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for rails.

CVE-2022-21831[0]:
| A code injection vulnerability exists in the Active Storage >=
| v5.2.0 that could allow an attacker to execute code via
| image_processing arguments.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-21831
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831

Please adjust the affected versions in the BTS as needed.


-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.17.0-2-amd64 (SMP w/6 CPU threads; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

--- End Message ---
--- Begin Message ---
Source: rails
Source-Version: 2:6.1.4.7+dfsg-1

----- Forwarded message from Debian FTP Masters <[email protected]> -----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 20 Jun 2022 23:48:08 +0530
Source: rails
Architecture: source
Version: 2:6.1.4.7+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Ruby Team <[email protected]>
Changed-By: Pirate Praveen <[email protected]>
Closes: 1013218
Changes:
 rails (2:6.1.4.7+dfsg-1) unstable; urgency=medium
 .
   * Team upload.
   * Update filenamemangle in watch file regex
   * New upstream version 6.1.4.7+dfsg (Fixes: CVE-2022-21831)
   * Convert rails-ujs.coffee to js using coffee command line and pass
     javascript code to blade tool instead of directly passing coffeescript.
     This fixes build failure caused by coffeescript 2 outputting ES6
     (Closes: #1013218)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----


----- End forwarded message -----

--- End Message ---
