Accepted rails 2:6.0.3.7+dfsg-2+deb11u1 (source) into proposed-updates
- To: debian-changes@lists.debian.org
- Subject: Accepted rails 2:6.0.3.7+dfsg-2+deb11u1 (source) into proposed-updates
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Wed, 15 Mar 2023 20:37:10 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: rails_6.0.3.7+dfsg-2+deb11u1_source.changes
- Debian-source: rails
- Debian-suite: proposed-updates
- Debian-version: 2:6.0.3.7+dfsg-2+deb11u1
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=wMeI2Cqu1Hdx1wqV4ba1LRMubzVCKS4tOTZN2iigl3I=; b=K4M7Hp7XFmfh8EirMAiOIl42WJ yQB+ZF0EJNYWVAYgGh5kbYCcBEgD46rHZcHKI7b4nzHL4jh8G6r8QjaC0S9ijlfZQU2FB0VqLLTzv E0vAhmdLy18og4IwHvoo12rxEx/rMo4xuauhgwBEZHkqPBb2VKI1yWls88Rr7eT7qJrQlvpBW/7/q YeonbC2W1hGhrIXaQyjh9oZzUx07kW4ZScqqA0J2ORxTzHGB9CYrXrF4qozDLU7RbLz9MtUIvBGTC 8uwj+sHyPJwgAGw88nkVFUR79g9EcizgWydDc7PX0OZXkY/jJaGZmp5OXCmduKJWqizETLU5QeD97 Ce8KzUQQ==;
- Mail-followup-to: debian-devel@lists.debian.org
- Message-id: <E1pcXry-007ygy-Fa@fasolo.debian.org>
- Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 11 Mar 2023 14:53:57 +0800
Source: rails
Architecture: source
Version: 2:6.0.3.7+dfsg-2+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Ruby Team <pkg-ruby-extras-maintainers@lists.alioth.debian.org>
Changed-By: Aron Xu <aron@debian.org>
Changes:
rails (2:6.0.3.7+dfsg-2+deb11u1) bullseye-security; urgency=high
.
  * Non-maintainer upload by the Security Team.
  * CVE-2021-22942: possible open redirect vulnerability in the Host
    Authorization middleware.
  * CVE-2021-44528: specially crafted "X-Forwarded-Host" headers in
    combination with certain "allowed host" formats can lead to
    redirection of users to a malicious website.
  * CVE-2022-21831: code injection in Active Storage.
  * CVE-2022-22577: XSS in Action Pack which can lead to bypass CSP
    for non HTML like responses.
  * CVE-2022-23633: thread local state for the next request may not be
    reset when the response body has been fully closed.
  * CVE-2022-27777: XSS in Action View which can lead to content
    injection.
  * CVE-2023-22792: regular expression based DoS with specially crafted
    cookies and X_FORWARDED_HOST headers.
  * CVE-2023-22794: malicious user input may be sent to the database
    with insufficient sanitization and be able to inject SQL outside of
    the comment.
  * CVE-2023-22795: regular expression based DoS related to crafted
    If-None-Match header.
  * CVE-2023-22796: regular expression based DoS related to the
    underscore method.
Checksums-Sha1:
b541e3209e3650a2ca95b26f0d76b550ddde085f 4492 rails_6.0.3.7+dfsg-2+deb11u1.dsc
c93bf6d051c280503aea30877f686f20c5118483 13967752 rails_6.0.3.7+dfsg.orig.tar.xz
639f5aa7352e446c9f42fb2dc2fd0c85531e791d 113984 rails_6.0.3.7+dfsg-2+deb11u1.debian.tar.xz
db9f3028c631454624bb900e5dde5105e9d217ab 9072 rails_6.0.3.7+dfsg-2+deb11u1_source.buildinfo
Checksums-Sha256:
a90366baf4c11ba2d9face895c783f06f7075b0da5a81131f8882b0ace03384a 4492 rails_6.0.3.7+dfsg-2+deb11u1.dsc
f1adfb152227b0b840a85f3c326db91191149021adb2c5afbed99c6d32a94582 13967752 rails_6.0.3.7+dfsg.orig.tar.xz
6f5a471ad04622fda041ac8241111d88730d8e934a8d01cb26470209e7cd30dd 113984 rails_6.0.3.7+dfsg-2+deb11u1.debian.tar.xz
a1253e2781690625ddbf4039c7f85b822d89ed89970f37d7e090ea5ab5346e90 9072 rails_6.0.3.7+dfsg-2+deb11u1_source.buildinfo
Files:
288481e447229dc6e73ecf4b728b336b 4492 ruby optional rails_6.0.3.7+dfsg-2+deb11u1.dsc
9a2058e157560ede7b3a206d6f521d84 13967752 ruby optional rails_6.0.3.7+dfsg.orig.tar.xz
9a682a00d1d058af4e97f4e50528be44 113984 ruby optional rails_6.0.3.7+dfsg-2+deb11u1.debian.tar.xz
7f853c4d418e73231343051a7965c3fb 9072 ruby optional rails_6.0.3.7+dfsg-2+deb11u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCAAdFiEEhhz+aYQl/Bp4OTA7O1LKKgqv2VQFAmQMrZwACgkQO1LKKgqv
2VQipgf+IbQIIHlQM6XbDT2Gwg+Wjq2yfXMBLk7V3QIzTws/5agVS2gFELo8x+oY
o6oOf0o7QHhfs2K0nC5Vppup0JZ2vOBxM2TBGXUB2qn/EnwZtdr/RNkee1wKomdb
oPZSxGEfhfE6cH0ic7NCm0u//1Hla6iaHpOSgFmV2RtkpbIf9Vn7toHEmn3YX2xM
RjVVbtrwKoCh6omN1UD6wjNtXS3uTzke4Rr4A31/lsjkPBkReICxa5ZpVoXjY5/1
V4Yraw9Evfz1tjQo5J3lkQ/C3ZqqK99w75Rs/jCcFosRusksojvvcLO1ZItacZi4
lGxiE0Si9e7nymwTeZbA6C9Q+G2jIQ==
=fIve
-----END PGP SIGNATURE-----