Accepted rails 1.2.4-1 (source all)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 08 Oct 2007 11:27:25 -0500
Source: rails
Binary: rails
Architecture: source all
Version: 1.2.4-1
Distribution: unstable
Urgency: low
Maintainer: Adam Majer <adamm@zombino.com>
Changed-By: Adam Majer <adamm@zombino.com>
Description:
rails - MVC ruby based framework geared for web application development
Closes: 429177
Changes:
rails (1.2.4-1) unstable; urgency=low
.
* New upstream release. Fixes at least 2 XSS bugs.
+ Secure #sanitize, #strip_tags, and #strip_links helpers against
xss attacks. Upstream changeset 7589
+ to_json did not escape values which allows for XSS. Applied
upstream changesets 6893, 6894. This bug as also been assigned
designation CVE-2007-3227 (closes: #429177)
* Add dependency on Sqlite3 as ActiveRecord supports this DB as
well
* Add dependency on libmocha which is needed by some unit tests
Files:
b73923f4639c2afd4909ba140b77ce97 607 web optional rails_1.2.4-1.dsc
f252dac383d3d8a8bcab0f2f81ad2fa0 1596239 web optional rails_1.2.4.orig.tar.gz
7b5d62cd3c359ad2570f223729b3a3ae 27130 web optional rails_1.2.4-1.diff.gz
4ba82161b80044ded100516688fd6efc 2283342 web optional rails_1.2.4-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHC8Xl73/bNdaAYUURAthMAJ9nERGJOOhRDRZsC4gjeM/0hUbjKgCgkBO7
Lkb9CrtTnLIapvOtg9BTtvQ=
=Gt2c
-----END PGP SIGNATURE-----
Accepted:
rails_1.2.4-1.diff.gz
to pool/main/r/rails/rails_1.2.4-1.diff.gz
rails_1.2.4-1.dsc
to pool/main/r/rails/rails_1.2.4-1.dsc
rails_1.2.4-1_all.deb
to pool/main/r/rails/rails_1.2.4-1_all.deb
rails_1.2.4.orig.tar.gz
to pool/main/r/rails/rails_1.2.4.orig.tar.gz
Reply to: