[SECURITY] [DLA 496-1] ruby-activerecord-3.2 security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Package : ruby-activerecord-3.2
Version : 3.2.6-5+deb7u2
CVE ID : CVE-2015-7577
Debian Bug : N/A
CVE-2015-7577
activerecord/lib/active_record/nested_attributes.rb in Active Record
does not properly implement a certain destroy option, which allows
remote attackers to bypass intended change restrictions by leveraging
use of the nested attributes feature.
For Debian 7 "Wheezy", this problem have been fixed in version
3.2.6-5+deb7u2.
We recommend that you upgrade your ruby-activerecord-3.2 packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- --
--------------------- Ola Lundqvist ---------------------------
/ opal@debian.org Folkebogatan 26 \
| ola@inguza.com 654 68 KARLSTAD |
| http://inguza.com/ +46 (0)70-332 1551 |
\ gpg/f.p.: 22F2 32C6 B1E0 F4BF 2B26 0A6A 5E90 DCFA 9426 876F /
---------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBCAAGBQJXTLVBAAoJEF6Q3PqUJodvPL8P+wbYvgnTxcd2YiGv5fITLhmU
A+SGv4IfnGbpcRGQxX45BElmIiJLlQI1Uq0RemYxtEWEXKHP1n+eGc/dy4kLyHW1
qHfMZw+Tvj80wC+4h98NUPQ3N46d+26NqmPeKb96wbTB1mFtE+phT7SoDxyr4akF
knMXC1scIKcNZeyO9Se2rmMcFp4Dz5fYuCWVy/tLfZeLbt44fF0VssC03PFQa9+w
63ROQ1Ej6+XlgauOTmC+cacZPqZ1P+D7vS9/XFJPhLmxkAHmlmEVHOoF1cBf55MH
dbVBZeKHMrMHebUzOl6HfQzldssySck35HwfMiF5pDD2NkTyXrvfW7n56QdbSH/2
6Ujsf+EhHkN89cHJ03G6obwDEVy2fxyx8nfH+kfEKGhWdXmTaqSasmylKl6vF7KW
kPd+KoX6V3lV9EvmGQNDPGOuwyeDM2H5KcwC7d50q8tJfcSQD0KWMw0jezF3M/R4
M3fQanWd+SmmZfctGkbWFwpeSDa7GfeKmIHRs5gZyxhgwP6JtFPfatkewlKziAUL
v+ppLV5Qao6/5sQw9vb4b96mDWlzIey6tR66fvq1WdKOrDACrvkyPfxDkqoe8AjW
wqaAPz3pdVD0h9Iitrku3RudHEjBm1N0Sbt+3EqzTPydLWyJcQFW2zL4kTwUonHd
5EvVz/NxYPxZfVmZ/fsV
=j3AP
-----END PGP SIGNATURE-----
Reply to: