-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 11 Mar 2023 14:53:57 +0800
Source: rails
Architecture: source
Version: 2:6.0.3.7+dfsg-2+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Ruby Team <pkg-ruby-extras-maintainers@lists.alioth.debian.org>
Changed-By: Aron Xu <aron@debian.org>
Changes:
 rails (2:6.0.3.7+dfsg-2+deb11u1) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * CVE-2021-22942: possible open redirect vulnerability in the Host
     Authorization middleware.
   * CVE-2021-44528: specially crafted "X-Forwarded-Host" headers in
     combination with certain "allowed host" formats can lead to redirection
     of users to a malicious website.
   * CVE-2022-21831: code injection in Active Storage.
   * CVE-2022-22577: XSS in Action Pack which can lead to bypass CSP for
     non HTML like responses.
   * CVE-2022-23633: thread local state for the next request may not be
     reset when the response body has been fully closed.
   * CVE-2022-27777: XSS in Action View which can lead to content injection.
   * CVE-2023-22792: regular expression based DoS with specially crafted
     cookies and X_FORWARDED_HOST headers.
   * CVE-2023-22794: malicious user input may be sent to the database with
     insufficient sanitization and be able to inject SQL outside of the
     comment.
   * CVE-2023-22795: regular expression based DoS related to crafted
     If-None-Match header.
   * CVE-2023-22796: regular expression based DoS related to the underscore
     method.
Checksums-Sha1:
 b541e3209e3650a2ca95b26f0d76b550ddde085f 4492 rails_6.0.3.7+dfsg-2+deb11u1.dsc
 c93bf6d051c280503aea30877f686f20c5118483 13967752 rails_6.0.3.7+dfsg.orig.tar.xz
 639f5aa7352e446c9f42fb2dc2fd0c85531e791d 113984 rails_6.0.3.7+dfsg-2+deb11u1.debian.tar.xz
 db9f3028c631454624bb900e5dde5105e9d217ab 9072 rails_6.0.3.7+dfsg-2+deb11u1_source.buildinfo
Checksums-Sha256:
 a90366baf4c11ba2d9face895c783f06f7075b0da5a81131f8882b0ace03384a 4492 rails_6.0.3.7+dfsg-2+deb11u1.dsc
 f1adfb152227b0b840a85f3c326db91191149021adb2c5afbed99c6d32a94582 13967752 rails_6.0.3.7+dfsg.orig.tar.xz
 6f5a471ad04622fda041ac8241111d88730d8e934a8d01cb26470209e7cd30dd 113984 rails_6.0.3.7+dfsg-2+deb11u1.debian.tar.xz
 a1253e2781690625ddbf4039c7f85b822d89ed89970f37d7e090ea5ab5346e90 9072 rails_6.0.3.7+dfsg-2+deb11u1_source.buildinfo
Files:
 288481e447229dc6e73ecf4b728b336b 4492 ruby optional rails_6.0.3.7+dfsg-2+deb11u1.dsc
 9a2058e157560ede7b3a206d6f521d84 13967752 ruby optional rails_6.0.3.7+dfsg.orig.tar.xz
 9a682a00d1d058af4e97f4e50528be44 113984 ruby optional rails_6.0.3.7+dfsg-2+deb11u1.debian.tar.xz
 7f853c4d418e73231343051a7965c3fb 9072 ruby optional rails_6.0.3.7+dfsg-2+deb11u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEhhz+aYQl/Bp4OTA7O1LKKgqv2VQFAmQMrZwACgkQO1LKKgqv
2VQipgf+IbQIIHlQM6XbDT2Gwg+Wjq2yfXMBLk7V3QIzTws/5agVS2gFELo8x+oY
o6oOf0o7QHhfs2K0nC5Vppup0JZ2vOBxM2TBGXUB2qn/EnwZtdr/RNkee1wKomdb
oPZSxGEfhfE6cH0ic7NCm0u//1Hla6iaHpOSgFmV2RtkpbIf9Vn7toHEmn3YX2xM
RjVVbtrwKoCh6omN1UD6wjNtXS3uTzke4Rr4A31/lsjkPBkReICxa5ZpVoXjY5/1
V4Yraw9Evfz1tjQo5J3lkQ/C3ZqqK99w75Rs/jCcFosRusksojvvcLO1ZItacZi4
lGxiE0Si9e7nymwTeZbA6C9Q+G2jIQ==
=fIve
-----END PGP SIGNATURE-----