Hi, * micah@alioth.debian.org <micah@alioth.debian.org> [2007-11-15 00:34]: > Author: micah > Date: 2007-11-14 23:32:02 +0000 (Wed, 14 Nov 2007) > New Revision: 7301 > > Modified: > data/CVE/list > Log: > complete fix for rails exists in 1.2.5-1 > > Modified: data/CVE/list > =================================================================== > --- data/CVE/list 2007-11-14 21:14:11 UTC (rev 7300) > +++ data/CVE/list 2007-11-14 23:32:02 UTC (rev 7301) > @@ -7255,7 +7255,7 @@ > CVE-2007-3228 (PHP remote file inclusion vulnerability in ...) > NOT-FOR-US: Sitellite CMS > CVE-2007-3227 (Cross-site scripting (XSS) vulnerability in the to_json ...) > - - rails 1.2.4-1 (bug #429177) > + - rails 1.2.5-1 (bug #429177) [...] Is this really the case? From what I see we ship in debian/patches: changeset_r6894 and changeset_r6893.1_2_3_modified and the 1.2.5 release fixes some additional regressions. These changesets are in the 1.2.4 package and the patches are those changesets which closed the bug in upstreams trac. Kind regards Nico -- Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
Attachment:
pgp_9hRezKiph.pgp
Description: PGP signature