Format: 1.8
Date: Sun, 31 Mar 2019 14:51:17 +0200
Source: rails
Binary: ruby-activesupport ruby-activesupport-2.3 ruby-activerecord ruby-activemodel ruby-actionview ruby-actionpack ruby-actionmailer ruby-railties ruby-rails rails
Architecture: source all
Version: 2:4.1.8-1+deb8u5
Distribution: jessie-security
Urgency: high
Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 rails - MVC ruby based framework geared for web application development (
 ruby-actionmailer - email composition, delivery, and receiving framework (part of Rai
 ruby-actionpack - web-flow and rendering framework putting the VC in MVC (part of R
 ruby-actionview - framework for handling view template lookup and rendering (part o
 ruby-activemodel - toolkit for building modeling frameworks (part of Rails)
 ruby-activerecord - object-relational mapper framework (part of Rails)
 ruby-activesupport - Support and utility classes used by the Rails 4.1 framework
 ruby-activesupport-2.3 - transitional dummy package
 ruby-rails - MVC ruby based framework geared for web application development
 ruby-railties - tools for creating, working with, and running Rails applications
Changes:
 rails (2:4.1.8-1+deb8u5) jessie-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2019-5418 and CVE-2019-5419:
     John Hawthorn of Github discovered a file content disclosure
     vulnerability in Rails, a ruby based web application framework.
     Specially crafted accept headers in combination with calls to
     `render file:` can cause arbitrary files on the target server to be
     rendered, disclosing the file contents. This vulnerability could also
     be exploited for a denial-of-service attack.