
Bug#546917: marked as done (RM: rails/1.1.6-3)



Your message dated Sat, 22 May 2010 11:13:18 +0000
with message-id <E1OFmdq-0002Vv-Vm@ries.debian.org>
and subject line Bug#546917: Removed package(s) from oldstable
has caused the Debian Bug report #546917,
regarding RM: rails/1.1.6-3
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
546917: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=546917
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: rm

  On Wed, 16 Sep 2009 02:47:38 am Steffen Joeris wrote:
> ------------------------------------------------------------------------
> Debian Security Advisory DSA-1887-1                  security@debian.org
> http://www.debian.org/security/                      Steffen Joeris
> September 15, 2009                    http://www.debian.org/security/faq
> ------------------------------------------------------------------------
> 
> Package        : rails
> Vulnerability  : missing input sanitising
> Problem type   : remote
> Debian-specific: no
> CVE Id         : CVE-2009-3009
> Debian Bug     : 545063
> 
> 
> Brian Mastenbrook discovered that rails, the MVC ruby based framework
> geared for web application development, is prone to cross-site scripting
> attacks via malformed strings in the form helper.
> 
> 
> For the stable distribution (lenny), this problem has been fixed in
> version 2.1.0-7.
> 
> For the oldstable distribution (etch) security support has been
> discontinued. It has been reported that rails in oldstable is unusable
> and several features that are affected by security issues are broken due
> to programming issues. It is highly recommended to upgrade to the
> version in stable (lenny).
Please schedule rails for removal from etch in the next oldstable point 
release. According to the maintainer it is unusable.
Adam, please make sure that we can support the current rails in lenny and the 
new one in squeeze for a while (including oldstable-security support).

Cheers
Steffen



--- End Message ---
--- Begin Message ---
We believe that the bug you reported is now fixed; the following
package(s) have been removed from oldstable:

     rails |    1.1.6-3 | source, all

------------------- Reason -------------------
RoOSRM: security and usability issues
----------------------------------------------

Note that the package(s) have simply been removed from the tag
database and may (or may not) still be in the pool; this is not a bug.
The package(s) will be physically removed automatically when no suite
references them (and in the case of source, when no binary references
it).  Please also remember that the changes have been done on the
master archive (ftp-master.debian.org) and will not propagate to any
mirrors (ftp.debian.org included) until the next cron.daily run at the
earliest.

Packages are usually not removed from testing by hand. Testing tracks
unstable and will automatically remove packages which were removed
from unstable when removing them from testing causes no dependency
problems. The release team can force a removal from testing if it is
really needed, please contact them if this should be the case.

Bugs which have been reported against this package are not automatically
removed from the Bug Tracking System.  Please check all open bugs and
close them or re-assign them to another package if the removed package
was superseded by another one.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 546917@bugs.debian.org.

The full log for this bug can be viewed at http://bugs.debian.org/546917

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmaster@debian.org.

Debian distribution maintenance software
pp.
Mark Hymers (the ftpmaster behind the curtain)


--- End Message ---
