-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 23 Jul 2021 17:32:20 +0200 Source: ruby-actionpack-page-caching Binary: ruby-actionpack-page-caching Architecture: source Version: 1.0.2-4+deb9u1 Distribution: stretch-security Urgency: high Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org> Changed-By: Sylvain Beucler <beuc@debian.org> Description: ruby-actionpack-page-caching - static page caching for Action Pack (removed from core in Rails 4 Changes: ruby-actionpack-page-caching (1.0.2-4+deb9u1) stretch-security; urgency=high . * Non-maintainer upload by the LTS Security Team. * CVE-2020-8159: there is a vulnerability in actionpack_page-caching gem < v1.2.1 that allows an attacker to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker can write unescaped ERB to a view. * Drop example tests/control.ex as recommended by said file. Checksums-Sha1: 03a4a09e6cb53583bf4dd9b061753c6c801f9d77 2343 ruby-actionpack-page-caching_1.0.2-4+deb9u1.dsc 4289663f555886ad96c68ac61ee3c69fec6d6f0c 8493 ruby-actionpack-page-caching_1.0.2.orig.tar.gz 7d2a58a72cefcafa0fc0c5c22474ad7d3ebc3da9 4732 ruby-actionpack-page-caching_1.0.2-4+deb9u1.debian.tar.xz e770e9e1ce8894177793c9ce23c501c2ebcf5ab8 7659 ruby-actionpack-page-caching_1.0.2-4+deb9u1_all.buildinfo Checksums-Sha256: 1f9d0d0ca0ca5f306219a014ec8c1a7d1b22cc80d414d9e52759ff49ef96e838 2343 ruby-actionpack-page-caching_1.0.2-4+deb9u1.dsc 65b27bd5c8c9c322c66a7642975c0766196ef4c00383b738d91c179f2506af2e 8493 ruby-actionpack-page-caching_1.0.2.orig.tar.gz 782fffc827f9d943555405f6a6800b04a64ee2778b4b9c3e2d1b83481a475556 4732 ruby-actionpack-page-caching_1.0.2-4+deb9u1.debian.tar.xz deca212058015f00f5e8258ddc731b1147862ab155ec4b3645d042bbfeda69e6 7659 ruby-actionpack-page-caching_1.0.2-4+deb9u1_all.buildinfo Files: c0c2a9b3f4707ea5f809427799e6a89d 2343 ruby optional ruby-actionpack-page-caching_1.0.2-4+deb9u1.dsc 3150694c90fcff6e75c151b55a9b0dcd 8493 ruby optional ruby-actionpack-page-caching_1.0.2.orig.tar.gz 12cf29277ba30d8df680a6dda5eb4ee8 4732 ruby optional ruby-actionpack-page-caching_1.0.2-4+deb9u1.debian.tar.xz e13cd2d156ffa0acd4d7419ea460b5df 7659 ruby optional ruby-actionpack-page-caching_1.0.2-4+deb9u1_all.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE1vEOfV7HXWKqBieIDTl9HeUlXjAFAmD65ZwACgkQDTl9HeUl XjDCcQ//YT6fh2IPakP6GCKpj8syn7B9zM/bUyg0kzfL7QwfSWaN0JmG84kN+HRb F5WZWDRTiKtWvLG3w9XN2egvAnQzj7fDxfBdmJCckgO8ZcKxIDKfhXXHkLgPZqZO vqdQjh6cV2IJ6C27bOVB9ziVVrtprFEOHZJpmw7GbBqk31jrpkB/XDMISwb3YgKh h1WxTO2H2K4vUjhHFENTb6t6Vm2nwCpZw+nuqt7A26FOQzX2qMUqotrbPclrEyiL b0++lm7+AmUtg63pVO2gA1YpDU48cb7oAfdoFmNFzR+yNuVCp8Clij6cwm6WRucx 3PULAEQkiD7lEGXim2HYu79xBLqH2BIsuGygxiCMSx+kIdwo1sEB/yLyEbwL6yK0 TVQaWFHIlztkS+xzj5L8AiIy3VbLa893W2WotSMBdMeltleH77/hNVtf4CPi2Ip8 GzF1b9vhq4kN74FLo/hyM6aNM1ifkvWnJAXRt6lP+s/tzMYf2VylBf96CWVey1gB JWRXaBn3PMhLkIuSUcaSrOb9asRKrletYteIjQAnCMi8Q3d28qbhgDUZIkXhy+vH z+32iBonirs73+LZ6fT4G2H6syb3mrR+T8uSCMz7KV30rO9qstiaCNE27TdzDh3A SVdxO3C3m/JkA/QPbZmFo6eEShm7gUM6PPYbkgBMryFHQKx+GTg= =FViU -----END PGP SIGNATURE-----
