Accepted rails 1.2.5-1 (source all)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sun, 14 Oct 2007 21:12:34 -0500
Source: rails
Binary: rails
Architecture: source all
Version: 1.2.5-1
Distribution: unstable
Urgency: high
Maintainer: Adam Majer <adamm@zombino.com>
Changed-By: Adam Majer <adamm@zombino.com>
Description:
 rails - MVC ruby based framework geared for web application development
Changes:
 rails (1.2.5-1) unstable; urgency=high
 .
   * This is a new upstream release that addresses problems not
     corrected in 1.2.4 or regressions.
      + to_json XSS [CVE-2007-3227] is really closed now
      + Potential Information Disclosure or DoS with Hash#from_xml
        [CVE-2007-5379]
      + Session Fixation attacks. [CVE-2007-5380] URL based sessions are
        now disabled by default. Session ids are only accepted from
        cookies by default now.
     [Micah Anderson]
   * Urgency set to high due to security issues addressed
Files:
8969b125be7449232c9f00af1cfcdc01 607 web optional rails_1.2.5-1.dsc
f3504e64530737fe20b0531a1fd3c456 1598999 web optional rails_1.2.5.orig.tar.gz
a4fbc6914535d2eaddf0a1dbb7950ffa 27432 web optional rails_1.2.5-1.diff.gz
4f356d07837d6d4c22bd76254496e2c7 2286106 web optional rails_1.2.5-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHO5CD9n4qXRzy1ioRAsDjAKClpPaYMPOU1w8C8tKDtQUe6d44DwCfS7Yf
6HN3zowbrfSKXtnHjiomYys=
=s1O3
-----END PGP SIGNATURE-----
Accepted:
rails_1.2.5-1.diff.gz
  to pool/main/r/rails/rails_1.2.5-1.diff.gz
rails_1.2.5-1.dsc
  to pool/main/r/rails/rails_1.2.5-1.dsc
rails_1.2.5-1_all.deb
  to pool/main/r/rails/rails_1.2.5-1_all.deb
rails_1.2.5.orig.tar.gz
  to pool/main/r/rails/rails_1.2.5.orig.tar.gz