Format: 1.8
Date: Fri, 09 Oct 2020 18:46:59 +0200
Source: rails
Binary: ruby-activesupport ruby-activerecord ruby-activemodel ruby-activejob ruby-actionview ruby-actionpack ruby-actionmailer ruby-railties ruby-rails rails
Architecture: source
Version: 2:4.2.7.1-1+deb9u4
Distribution: stretch-security
Urgency: high
Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 rails - MVC ruby based framework geared for web application development (
 ruby-actionmailer - email composition, delivery, and receiving framework (part of Rai
 ruby-actionpack - web-flow and rendering framework putting the VC in MVC (part of R
 ruby-actionview - framework for handling view template lookup and rendering (part o
 ruby-activejob - job framework with pluggable queues
 ruby-activemodel - toolkit for building modeling frameworks (part of Rails)
 ruby-activerecord - object-relational mapper framework (part of Rails)
 ruby-activesupport - Support and utility classes used by the Rails 4.1 framework
 ruby-rails - MVC ruby based framework geared for web application development
 ruby-railties - tools for creating, working with, and running Rails applications
Changes:
 rails (2:4.2.7.1-1+deb9u4) stretch-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2020-15169:
     There is a potential Cross-Site Scripting (XSS) vulnerability in Action
     View's translation helpers. Views that allow the user to control the
     default (not found) value of the `t` and `translate` helpers could be
     susceptible to XSS attacks. When an HTML-unsafe string is passed as the
     default for a missing translation key named html or ending in _html, the
     default string is incorrectly marked as HTML-safe and not escaped.
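
The flaw described in the CVE-2020-15169 changelog entry above, as an added example: a simplified, Rails-free model that is not the Rails code or the Debian patch. SafeString, TRANSLATIONS, html_key?, render, translate_vulnerable and translate_fixed are hypothetical names, and the hardened variant is one way to close the gap, not necessarily how upstream fixed it.

```ruby
require "cgi"

# Stand-in for a string flagged "emit without escaping" (assumption: models
# the role of Rails' html_safe marking, not its implementation).
class SafeString < String; end

# Constructed locale data; "welcome_html" is deliberately not defined.
TRANSLATIONS = { "greeting_html" => "<em>Hello</em>", "title" => "Home" }.freeze

# Keys named "html" or ending in "_html" are treated as trusted markup.
def html_key?(key)
  last = key.to_s.split(".").last.to_s
  last == "html" || last.end_with?("_html")
end

# What a template does on output: escape everything not flagged safe.
def render(value)
  value.is_a?(SafeString) ? value.to_s : CGI.escapeHTML(value.to_s)
end

# Flawed behaviour from the changelog: for an html key the result is marked
# safe even when it is the caller's default and not a stored translation.
def translate_vulnerable(key, default: nil)
  value = TRANSLATIONS.fetch(key.to_s) { default }
  html_key?(key) ? SafeString.new(value.to_s) : value
end

# Hardened model: only the stored translation is trusted as markup; a default
# for an html key is escaped first unless the caller already marked it safe.
def translate_fixed(key, default: nil)
  if TRANSLATIONS.key?(key.to_s)
    value = TRANSLATIONS[key.to_s]
    return html_key?(key) ? SafeString.new(value) : value
  end
  return default unless html_key?(key) && default && !default.is_a?(SafeString)
  SafeString.new(CGI.escapeHTML(default.to_s))
end

if __FILE__ == $PROGRAM_NAME
  untrusted = "<script>alert(1)</script>" # constructed user-controlled input
  puts render(translate_vulnerable("welcome_html", default: untrusted))
  puts render(translate_fixed("welcome_html", default: untrusted))
end
```

Only the missing-key path for html keys differs between the two functions; stored translations and non-html keys render identically in both.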