Format: 1.8
Date: Fri, 07 Apr 2023 01:30:34 +0800
Source: rails
Architecture: source
Version: 2:6.0.3.7+dfsg-2+deb11u2
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Ruby Team <pkg-ruby-extras-maintainers@lists.alioth.debian.org>
Changed-By: Aron Xu <aron@debian.org>
Changes:
 rails (2:6.0.3.7+dfsg-2+deb11u2) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * CVE-2023-23913: a DOM based cross-site scripting in rails-ujs for contenteditable HTML.
   * CVE-2023-28120: Possible XSS Security Vulnerability in SafeBuffer#bytesplice.
   * Address a regression introduced in the fix of CVE-2021-22942.
Checksums-Sha1:
 03b3263109511715298327a4214a480030d76ae0 4492 rails_6.0.3.7+dfsg-2+deb11u2.dsc
 a1d89ed3584154428fa9b824d494ca29877ed6d9 118052 rails_6.0.3.7+dfsg-2+deb11u2.debian.tar.xz
 dace066867037f598e4d4faceffb79bbc11ebd5a 9165 rails_6.0.3.7+dfsg-2+deb11u2_source.buildinfo
Checksums-Sha256:
 464d29755a467026afce3ce3a33653993c43404ab1b2b2ffbf45eb71aa65f68e 4492 rails_6.0.3.7+dfsg-2+deb11u2.dsc
 acc1ceaf6efb5d4a1ba53bf56ab762a975f86c1d90bc885ca9161c2106967410 118052 rails_6.0.3.7+dfsg-2+deb11u2.debian.tar.xz
 de7002165c02ef2261b036b861a416999d12532acdf8fcbb41a373c38a98ad7b 9165 rails_6.0.3.7+dfsg-2+deb11u2_source.buildinfo
Files:
 6c01eb2d26c20b09568cf612557ee14d 4492 ruby optional rails_6.0.3.7+dfsg-2+deb11u2.dsc
 c4a20b84617936a9b7cec969408f8c72 118052 ruby optional rails_6.0.3.7+dfsg-2+deb11u2.debian.tar.xz
 de5d74f22b6ddbfd49eb96bf502fd37c 9165 ruby optional rails_6.0.3.7+dfsg-2+deb11u2_source.buildinfo