Your message dated Tue, 23 Aug 2022 19:07:03 +0000
with message-id <e1oqzet-0072ov...@fasolo.debian.org>
and subject line Bug#1016982: fixed in rails 2:6.1.6.1+dfsg-1
has caused the Debian Bug report #1016982,
regarding rails: CVE-2022-27777
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1016982: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016982
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: rails
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for rails.

CVE-2022-27777[0]:
| An XSS Vulnerability in Action View tag helpers >= 5.2.0 and <
| 5.2.0 which would allow an attacker to inject content if able to
| control input into specific attributes.

Fixed by:
https://github.com/rails/rails/commit/123f42a573f7fcbf391885c135ca809f21615180 (v6.1.5.1)
Regression fix:
https://github.com/rails/rails/commit/7c2da9e51c5c02643f30d83aaad3ed5062adcad8 (v6.1.6)

Fixed by:
https://github.com/rails/rails/commit/36a6dad07d572a0098c29d6d96a226638a7caa38 (v6.0.4.8)
Regression fix:
https://github.com/rails/rails/commit/1b5df893d82a27da907e9b8b75deff13179d1df3 (v6.0.5)

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-27777
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777

Please adjust the affected versions in the BTS as needed.

--- End Message ---
--- Begin Message ---
Source: rails
Source-Version: 2:6.1.6.1+dfsg-1
Done: Gabriela Pivetta <gpivett...@gmail.com>

We believe that the bug you reported is fixed in the latest version of
rails, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1016...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Gabriela Pivetta <gpivett...@gmail.com> (supplier of updated rails package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 18 Aug 2022 15:46:46 -0300
Source: rails
Architecture: source
Version: 2:6.1.6.1+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Ruby Team <pkg-ruby-extras-maintain...@lists.alioth.debian.org>
Changed-By: Gabriela Pivetta <gpivett...@gmail.com>
Closes: 1011941 1016140 1016982
Changes:
 rails (2:6.1.6.1+dfsg-1) unstable; urgency=medium
 .
   [ Pirate Praveen ]
   * Remove <!nocheck> build profile from runtime dependencies.
 .
   [ Utkarsh Gupta ]
   * New upstream version 6.1.6.1+dfsg. (Fixes: CVE-2022-22577,
     CVE-2022-27777, CVE-2022-32224) (Closes: #1011941, #1016982, #1016140)
   * d/control: Update minimum version of ruby-selenium-webdriver to 4.0.0
     for autopkgtest. :)
 .
   [ Gabriela Pivetta ]
   * d/p/activerecord-add-missing-require-statements.patch: Drop
     patch that has been merged upstream.
   * d/patches: Refresh patches.


--- End Message ---
