Unblock request for rails

To: debian-release@lists.debian.org
Subject: Unblock request for rails
From: Adam Majer <adamm@zombino.com>
Date: Wed, 24 Sep 2008 12:00:01 -0500
Message-id: <[🔎] 48DA7211.1000101@zombino.com>

Please unblock rails 2.1.0-4 to enter testing. The changes are only,

  * binary data corruption fix on PostgreSQL + byea columns

* MySQL SQL injection in :limit and :offset - the patch is fromupstream and was the next patch after they tagged 2.1.0. They have notreported this on their security mailing list (bug June 1st) or anywhereuntil I saw the bug on secunia advisory over 2.5 months later [1][2].

To view the patches, you can diff the tree, or just look at thecommitdiffs at,


http://git.debian.org/?p=collab-maint/rails.git;a=shortlog;h=refs/heads/debian-lenny


- Adam

[1] http://rails.lighthouseapp.com/projects/8994/tickets/288
[2] http://secunia.com/advisories/31875/

Reply to:

Follow-Ups:
- Re: Unblock request for rails
  - From: Luk Claes <luk@debian.org>

Prev by Date: Freeze exception for radvd-1.1-3
Next by Date: Re: please unblock emms-3.0-4
Previous by thread: Re: Freeze exception for radvd-1.1-3
Next by thread: Re: Unblock request for rails
Index(es):
- Date
- Thread