-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 29 Jun 2020 09:55:00 +0200
Source: rails
Binary: ruby-activesupport ruby-activerecord ruby-activemodel ruby-activejob ruby-actionview ruby-actionpack ruby-actionmailer ruby-railties ruby-rails rails
Architecture: source
Version: 2:4.2.7.1-1+deb9u3
Distribution: stretch-security
Urgency: high
Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>
Changed-By: Sylvain Beucler <beuc@debian.org>
Description:
 rails - MVC ruby based framework geared for web application development (
 ruby-actionmailer - email composition, delivery, and receiving framework (part of Rai
 ruby-actionpack - web-flow and rendering framework putting the VC in MVC (part of R
 ruby-actionview - framework for handling view template lookup and rendering (part o
 ruby-activejob - job framework with pluggable queues
 ruby-activemodel - toolkit for building modeling frameworks (part of Rails)
 ruby-activerecord - object-relational mapper framework (part of Rails)
 ruby-activesupport - Support and utility classes used by the Rails 4.1 framework
 ruby-rails - MVC ruby based framework geared for web application development
 ruby-railties - tools for creating, working with, and running Rails applications
Changes:
 rails (2:4.2.7.1-1+deb9u3) stretch-security; urgency=high
 .
   * Non-maintainer upload by the LTS Security Team.
   * CVE-2020-8164: possible Strong Parameters Bypass in ActionPack
   * CVE-2020-8165: potentially unintended unmarshalling of user-provided objects in MemCacheStore
   * CVE-2020-8163: potential remote code execution of user-provided local names
Checksums-Sha1:
 690e46ebb3f0b843b47b4655bf4cfdd6a5d3f937 3174 rails_4.2.7.1-1+deb9u3.dsc
 d8389a376f2b03547b1ce8f8df26f69f85e65d42 4181681 rails_4.2.7.1.orig.tar.gz
 fa218fadc64e42c3e3e7191c50c97e3f02cc0b3c 96412 rails_4.2.7.1-1+deb9u3.debian.tar.xz
 a18b1d2aa9cdadf6025ee9f37429971efd6d2dbf 10984 rails_4.2.7.1-1+deb9u3_amd64.buildinfo
Checksums-Sha256:
 d61f013cc1f01ab7227c4060ada38f5c0f6b81b62b5a159ba3b8c8f95d07e48d 3174 rails_4.2.7.1-1+deb9u3.dsc
 bfa7854f1b35e449b78db2af83fe660f17b101a487728fcfc6fb623967fb4783 4181681 rails_4.2.7.1.orig.tar.gz
 af5189c787b6127f8822d6ce4d09e0b15b39ce42b1d2617b3fd7ba6475358e0f 96412 rails_4.2.7.1-1+deb9u3.debian.tar.xz
 ef8881106cf7862f8df15684dc8b8423f7b496aa09126eb51a5cf6e14599f61c 10984 rails_4.2.7.1-1+deb9u3_amd64.buildinfo
Files:
 b38437a852d8b4c338ac0c7432f7cd78 3174 ruby optional rails_4.2.7.1-1+deb9u3.dsc
 d6755586a995283c91f15d857ef74387 4181681 ruby optional rails_4.2.7.1.orig.tar.gz
 f96aaabb1ad1821c6112269bf49fdf19 96412 ruby optional rails_4.2.7.1-1+deb9u3.debian.tar.xz
 46382fecbe1dfdb19dcb0e7f8657cd83 10984 ruby optional rails_4.2.7.1-1+deb9u3_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEQic8GuN/xDR88HkSj/HLbo2JBZ8FAl8VkQsACgkQj/HLbo2J
BZ8/owf+NYbKiWnwP8Lz12efl8iwEVfi5a9VNYlBgsoRECCEoqwjH48Z3D2vDeFt
Acbf2smTqmnava5eauZpUZxJ9OYAw2lThNAT4L+m1lcaa85Kqo4TUw7wn3YBv6ki
e1h77BohMIKJoKeQObDOSwRdkLvE1bPupZnb6k06OHa/oD9Hd9FnDjvfB47lwhtc
yP42cT4XUk4SExsMsP1lIbDMDSp7mKfVn8fKvMOGysxD1mJDV5CoamN72RcCO6M6
fOsGLn35cC7A5L9tg+2/k5w2qYVjlKN/opterWjSU/96hzG06U7XfxYd9GR7Fp4/
NU3/CT9CXjWwsmBbxqg5q/j24heymQ==
=o4y4
-----END PGP SIGNATURE-----