-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 02 Sep 2009 18:46:46 -0500
Source: rails
Binary: rails
Architecture: source all
Version: 2.1.0-7
Distribution: stable-security
Urgency: high
Maintainer: Adam Majer <ad...@zombino.com>
Changed-By: Adam Majer <ad...@zombino.com>
Description:
 rails - MVC ruby based framework geared for web application development
Changes:
 rails (2.1.0-7) stable-security; urgency=high
 .
   * Fix XSS vulnerability in the escaping code for the form helpers in
     Ruby on Rails. Attackers who can inject deliberately malformed unicode
     strings into the form helpers can defeat the escaping checks and inject
     arbitrary HTML [CVE-2009-3009]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkqjS3kACgkQ73/bNdaAYUXVWgCfepK5Ljjq66WBWCTlUq9QPUbu
vLkAniceZJxkeUEzgI1lk/DrojNL+6In
=OUEV
-----END PGP SIGNATURE-----

Accepted:
rails_2.1.0-7.diff.gz
  to pool/main/r/rails/rails_2.1.0-7.diff.gz
rails_2.1.0-7.dsc
  to pool/main/r/rails/rails_2.1.0-7.dsc
rails_2.1.0-7_all.deb
  to pool/main/r/rails/rails_2.1.0-7_all.deb