-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 12 May 2021 00:09:36 +0530 Source: rails Binary: ruby-activesupport ruby-activerecord ruby-activemodel ruby-activejob ruby-actionview ruby-actionpack ruby-actionmailer ruby-railties ruby-rails rails Architecture: source Version: 2:4.2.7.1-1+deb9u5 Distribution: stretch-security Urgency: high Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org> Changed-By: Utkarsh Gupta <utkarsh@debian.org> Description: rails - MVC ruby based framework geared for web application development ( ruby-actionmailer - email composition, delivery, and receiving framework (part of Rai ruby-actionpack - web-flow and rendering framework putting the VC in MVC (part of R ruby-actionview - framework for handling view template lookup and rendering (part o ruby-activejob - job framework with pluggable queues ruby-activemodel - toolkit for building modeling frameworks (part of Rails) ruby-activerecord - object-relational mapper framework (part of Rails) ruby-activesupport - Support and utility classes used by the Rails 4.1 framework ruby-rails - MVC ruby based framework geared for web application development ruby-railties - tools for creating, working with, and running Rails applications Closes: 988214 Changes: rails (2:4.2.7.1-1+deb9u5) stretch-security; urgency=high . * Add patch to prevent string polymorphic route arguments. (Fixes: CVE-2021-22885) (Closes: #988214) * Add patch to prevent slow regex when parsing host auth header. (Fixes: CVE-2021-22904) (Closes: #988214) Checksums-Sha1: 9c14a110e25d405ece2c7a4ced4921d1fec36849 3548 rails_4.2.7.1-1+deb9u5.dsc 5a30a9f12bc2b1a907dc96a245d70447abda96a8 98748 rails_4.2.7.1-1+deb9u5.debian.tar.xz 3c6a0eece0b28733e0f6f8702ccd4f20837109b0 11412 rails_4.2.7.1-1+deb9u5_amd64.buildinfo Checksums-Sha256: b45304b3538b3cbb796bfe1c0476f633e611983d1677543628d821f5e5993da6 3548 rails_4.2.7.1-1+deb9u5.dsc b2271863f70678e8e5c50b44680d2760a6b33b3c30fe73840c03e0d56aeb239f 98748 rails_4.2.7.1-1+deb9u5.debian.tar.xz 311f97559a9159a33c020a15c56a9f3b73faa8c481c1d093cb84a5f50600906e 11412 rails_4.2.7.1-1+deb9u5_amd64.buildinfo Files: fef470c75883063f175f5f631183395b 3548 ruby optional rails_4.2.7.1-1+deb9u5.dsc 83b5002e337f64ef6c3574142fe906ec 98748 ruby optional rails_4.2.7.1-1+deb9u5.debian.tar.xz 38840abfadbf0b27cd8cdea188f50b70 11412 ruby optional rails_4.2.7.1-1+deb9u5_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQJHBAEBCAAxFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmCa0hQTHHV0a2Fyc2hA ZGViaWFuLm9yZwAKCRCCPpZ2BsNLlkevD/4iQrrPFNdzVodqEtVWK+ug5OYEHcDg UJjdelWxW6TkwlnNfOQov1HkkzxOzBFXXbEKLcCVErZE8tANq43xl8p2JLZ4WA5L cblBe3kSn1Emn8ZpU9MIuoBqVP08TWkGMNrOy2Io1VePS0DHRdQ8NJdKQXnpdghK f5CtH3+gHJPo26hteTo1smgvWTr8//Hwx6RT70hYGAUbnOfoDagPANd8S9CebeIc l7lb7pvLAbjovY0un/5Hs/ojtjUE7I/AMOsUMkgf6Vm/xbfZFdLrVHUjahkVmmyd FNx10Cwc7Tna96gpB7bKCGhE5oFQefxqYNbfpIzaBn0nnTuWm7BFMSy9JPOcpMpA z46OroirJ6vBJZnkosWuZq7g8F7igcgHybdlOCe0qdbLILmKmzeQWSTX2FL9ta02 RTOjh9ZheqbEBT4vkl4LgAUH7H4I+xfcSpxwvjKzVvTqcxZtFxVfYPmvZ2Vsx+Jf JWagFJv7Q7rluX30uRYhm2HSCJj3ChQBIeKb4+AiYySTBs18P+PXmOnquqS7JpGB 69/N9bMhvYyKPRHeEVBdbz1pWtSIe619yaTVaAfDvaCX8lMj/IIdoVrxUXmOU4xG z7lmTyxTteWVBWr92wN58LcVEwMOgALuZFCTRvLXtDlty1POxOA/d/IEwCB8jFUD BSrMZWuD1R0VBQ== =SCFS -----END PGP SIGNATURE-----