Your message dated Tue, 16 Sep 2025 07:20:43 +0200
with message-id <[email protected]>
and subject line Re: Accepted rails 2:7.2.2.2+dfsg-1 (source) into unstable
has caused the Debian Bug report #1111106,
regarding rails: CVE-2025-55193
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1111106: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111106
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: rails
Version: 2:7.2.2.1+dfsg-7
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for rails.

CVE-2025-55193[0]:
| Active Record connects classes to relational database tables. Prior
| to versions 7.1.5.2, 7.2.2.2, and 8.0.2.1, the ID passed to find or
| similar methods may be logged without escaping. If this is directly
| to the terminal it may include unescaped ANSI sequences. This issue
| has been patched in versions 7.1.5.2, 7.2.2.2, and 8.0.2.1.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-55193
    https://www.cve.org/CVERecord?id=CVE-2025-55193
[1] https://github.com/rails/rails/security/advisories/GHSA-76r7-hhxj-r776

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: rails
Source-Version: 2:7.2.2.2+dfsg-1

On Mon, Sep 15, 2025 at 11:08:29PM +0000, Debian FTP Masters wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
> 
> Format: 1.8
> Date: Mon, 15 Sep 2025 15:28:33 -0700
> Source: rails
> Architecture: source
> Version: 2:7.2.2.2+dfsg-1
> Distribution: unstable
> Urgency: medium
> Maintainer: Debian Ruby Team <[email protected]>
> Changed-By: Soren Stoutner <[email protected]>
> Changes:
>  rails (2:7.2.2.2+dfsg-1) unstable; urgency=medium
>  .
>    * Team upload.
>  .
>    [ Soren Stoutner ]
>    * New upstream release (fixes CVE-2025-24293 and CVE-2025-55193).
>    * debian/control:  Remove "Breaks: ruby-actionpack-action-caching (<< 1.2.2)"
>      (see https://lists.debian.org/debian-ruby/2025/08/msg00017.html).
>    * debian/copyright:
>      - Add Soren Stoutner to the debian/* stanza.
>      - Add Lucas Nussbaum to the debian/* stanza.
>      - Remove the unused GPL license.
>  .
>    [ Lucas Nussbaum ]
>    * Remove unnecessary debian/.gitattributes.
>    * debian/gbp.conf:  Make compliant with DEP-14 defaults.
>    * debian/salsa-ci.yml:  Change to use the team-specific include.
> 
> -----BEGIN PGP SIGNATURE-----
> 
> -----END PGP SIGNATURE-----

--- End Message ---