Back to rails PTS page

Accepted rails 2:4.1.8-1+deb8u5 (source all) into oldstable

To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
Subject: Accepted rails 2:4.1.8-1+deb8u5 (source all) into oldstable
From: Markus Koschany <apo@debian.org>
Date: Sun, 31 Mar 2019 13:20:25 +0000
Mail-followup-to: debian-lts@lists.debian.org
Message-id: <E1hAaNt-0003p1-5O@seger.debian.org>
Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 31 Mar 2019 14:51:17 +0200
Source: rails
Binary: ruby-activesupport ruby-activesupport-2.3 ruby-activerecord ruby-activemodel ruby-actionview ruby-actionpack ruby-actionmailer ruby-railties ruby-rails rails
Architecture: source all
Version: 2:4.1.8-1+deb8u5
Distribution: jessie-security
Urgency: high
Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 rails      - MVC ruby based framework geared for web application development (
 ruby-actionmailer - email composition, delivery, and receiving framework (part of Rai
 ruby-actionpack - web-flow and rendering framework putting the VC in MVC (part of R
 ruby-actionview - framework for handling view template lookup and rendering (part o
 ruby-activemodel - toolkit for building modeling frameworks (part of Rails)
 ruby-activerecord - object-relational mapper framework (part of Rails)
 ruby-activesupport - Support and utility classes used by the Rails 4.1 framework
 ruby-activesupport-2.3 - transitional dummy package
 ruby-rails - MVC ruby based framework geared for web application development
 ruby-railties - tools for creating, working with, and running Rails applications
Changes:
 rails (2:4.1.8-1+deb8u5) jessie-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2019-5418 and CVE-2019-5419:
     John Hawthorn of Github discovered a file content disclosure vulnerability
     in Rails, a ruby based web application framework. Specially crafted accept
     headers in combination with calls to `render file:` can cause arbitrary
     files on the target server to be rendered, disclosing the file contents.
     This vulnerability could also be exploited for a denial-of-service attack.
Checksums-Sha1:
 aacbd738477d51cc6dd766c1167fc34265a354a2 2739 rails_4.1.8-1+deb8u5.dsc
 e9fbe2c3e499280296bdc5e9f281d5a1e9ef67dc 100644 rails_4.1.8-1+deb8u5.debian.tar.xz
 b8fa449728552455347a3d76a4466e425f04b4db 205300 ruby-activesupport_4.1.8-1+deb8u5_all.deb
 5d018f6c7a4b79447db1190af505f82a37b17078 11686 ruby-activesupport-2.3_4.1.8-1+deb8u5_all.deb
 00708eebe4a6597130641fbe8b3d86e3840136f5 268062 ruby-activerecord_4.1.8-1+deb8u5_all.deb
 add1f7a8578316f7c5ad59c1852587646b1c90a2 48726 ruby-activemodel_4.1.8-1+deb8u5_all.deb
 ff9da4dbfe754099a28afd89c6a438e7c059056b 141328 ruby-actionview_4.1.8-1+deb8u5_all.deb
 18b5f1b03f61a32efb866dd0f1b8e4f645fd9183 169746 ruby-actionpack_4.1.8-1+deb8u5_all.deb
 522a55b22e7df6cca5fe70610075cf87927ef7bc 31726 ruby-actionmailer_4.1.8-1+deb8u5_all.deb
 e15aee3ac5d42bed416eea406838886eee292b9a 119070 ruby-railties_4.1.8-1+deb8u5_all.deb
 8caf74e8adf47868053cae7cf3925cf32670760a 16792 ruby-rails_4.1.8-1+deb8u5_all.deb
 c14516638ffb181ff7f3af3720a4c37f8434ec3d 11958 rails_4.1.8-1+deb8u5_all.deb
Checksums-Sha256:
 48509ca48a877ac37c262114bba00efb3e588cbe1b1ad3c0265fe95c58b6eabe 2739 rails_4.1.8-1+deb8u5.dsc
 96863ef52afed3457f0994f9602c034599a9d3a3b1138f86f38e0b3574d98dce 100644 rails_4.1.8-1+deb8u5.debian.tar.xz
 028b8cbca1f5170521a991042147278770de4a9620c2718b0e51e3e060ce1387 205300 ruby-activesupport_4.1.8-1+deb8u5_all.deb
 981b08a90d5b2fb07851c1de584ab38bb71a0e145680e40562b6353d0d2e0095 11686 ruby-activesupport-2.3_4.1.8-1+deb8u5_all.deb
 9bfc1d0614af5631ce2c642752253decf3a5c64cde4e94b27d2e73b5956dc239 268062 ruby-activerecord_4.1.8-1+deb8u5_all.deb
 a480c8cc4fa0536b52c8670026b4bfa04f0ee9f0e318fef3eeb0f187c654b27c 48726 ruby-activemodel_4.1.8-1+deb8u5_all.deb
 c2c66aa2a07e8270f6864c04ec4bc0ea004fe7e50cb36d590a92663c85147b66 141328 ruby-actionview_4.1.8-1+deb8u5_all.deb
 d49584b34e04902fd306492c32e253b641fb38bbefdc0cfdf171fc5a44ae3d72 169746 ruby-actionpack_4.1.8-1+deb8u5_all.deb
 bca8f6eab2f8ef83eacb227ab68019faddac628ab72c9a738cfd62168355f5d8 31726 ruby-actionmailer_4.1.8-1+deb8u5_all.deb
 9993d860279e7a22d51335f3f78084008494c71d5aae17dae86c4dafdb5a46d4 119070 ruby-railties_4.1.8-1+deb8u5_all.deb
 4bc702eac204a928db415fa54117395d601caaa2e792ac4c9a6987f7b594263a 16792 ruby-rails_4.1.8-1+deb8u5_all.deb
 151b12dcaa7a6a91b78077cab51c745ae1cf3593e72ac309633b587f10bdc83d 11958 rails_4.1.8-1+deb8u5_all.deb
Files:
 682bb8065bc8f6825996163c05a3eeef 2739 ruby optional rails_4.1.8-1+deb8u5.dsc
 77a49b78a71883ebecf539a4bf925cf3 100644 ruby optional rails_4.1.8-1+deb8u5.debian.tar.xz
 7419b98e34b2d614ac632a91a6b3f99a 205300 ruby optional ruby-activesupport_4.1.8-1+deb8u5_all.deb
 fb57e3c1219a3930823d6ee5eca51573 11686 ruby optional ruby-activesupport-2.3_4.1.8-1+deb8u5_all.deb
 0c4666cb57b2d98530fa40f81c40b8f7 268062 ruby optional ruby-activerecord_4.1.8-1+deb8u5_all.deb
 feb0b6952b126b0080beb1dbe0fe5984 48726 ruby optional ruby-activemodel_4.1.8-1+deb8u5_all.deb
 57d83d62cb85ffe55ab66452c47c7b97 141328 ruby optional ruby-actionview_4.1.8-1+deb8u5_all.deb
 795adc5f555e18725d389199062b787a 169746 ruby optional ruby-actionpack_4.1.8-1+deb8u5_all.deb
 fff2d02ed2486287db39e66d3062a2ee 31726 ruby optional ruby-actionmailer_4.1.8-1+deb8u5_all.deb
 bf59692cce72e4bca233e2f6d9fc50df 119070 ruby optional ruby-railties_4.1.8-1+deb8u5_all.deb
 8b3395c7b9503e79fcffa989d3ac0b3d 16792 ruby optional ruby-rails_4.1.8-1+deb8u5_all.deb
 4d2e5f8b5f1c22898012c9011c8a22e8 11958 ruby optional rails_4.1.8-1+deb8u5_all.deb

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlygukJfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkSggQAJb0cQ66GEEqZUqMyNrNbj5+0jgmwzSj+a2w
n7PjAEFZ2Hsm7t3k29XsEO2AI/2swCuLVnX+AnUpQDxCmaYAKrzlCufMfNAR9ERv
CqM/AxR1QUhQFOBtqIfIVquRmo+0asCXIJk+/sQFvuqCvd/kYuEQ12ccODbRH+AO
Gph2KT/fpNNJtBTVlBBdLw83fs4bMVZQzeI/JDQXkXqRuwNKrIphe0fTa+6gwwMx
ZrS2V7/hpF8Eh/Aj5pS6eHwInxZciHSqJq2PDrHm+dqsokPsM6fcaU7WlDw5Uz3r
Y+60zO26dqPu1J9tghHl217E1mneXFps9drXEh6XiNFp+7YpFP4rJRmX183sJ4ZM
bZ3VaozPjdQtCrhc+9MRiEa9Tlg7RfGlSZ5J6Lof1b0qYiNrEvwEL8FBHkujsIcA
NyWFIn12wNlsBiK54uu7ogx8C8j6i7xeFvpjpwhxQHnDdMDv7XLnDEcUhm+lKpAg
oiusuBJPuai+8e8OlrdjdvWrKDkXTyw64ttdHxZOGws/ItpL7xWqU/Lna1tMkpyU
+xt+zvoQ7aaq6MHd09a5NWD/AZjPKPOd5vDZi/pWMb0FKK8mXGwI0waERatP0iiv
A60oL28uvVkzhCAc+v7i1hQjyeYhT+Jcgvhh4QQcSJvZrKrjM8Qjd8cN0tgv4t+4
bL9U/7aV
=wovO
-----END PGP SIGNATURE-----