-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 19 Dec 2025 21:53:42 +0100
Source: rails
Architecture: source
Version: 2:6.0.3.7+dfsg-2+deb11u4
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian Ruby Team <pkg-ruby-extras-maintainers@lists.alioth.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Closes: 1111106
Changes:
 rails (2:6.0.3.7+dfsg-2+deb11u4) bullseye-security; urgency=medium
 .
   * Non-maintainer upload by the LTS Team.
   * Fix CVE-2025-24293
     Active Storage attempts to prevent the use of potentially unsafe image
     transformation methods and parameters by default. The default allowed
     list contains three methods allowing for the circumvention of the safe
     defaults, which enables potential command injection vulnerabilities in
     cases where arbitrary user-supplied input is accepted as valid
     transformation methods or parameters.
   * Fix CVE-2025-55193 (Closes: #1111106)
     Active Record connects classes to relational database tables.
     The ID passed to find or similar methods may be logged without escaping.
     If this is directly to the terminal it may include unescaped ANSI
     sequences.
Checksums-Sha1:
 f23db186263b00218e037f8f77c962d2c6cc93d3 4935 rails_6.0.3.7+dfsg-2+deb11u4.dsc
 c93bf6d051c280503aea30877f686f20c5118483 13967752 rails_6.0.3.7+dfsg.orig.tar.xz
 08943d4f017078fb98e2b563042db975973b3df6 131476 rails_6.0.3.7+dfsg-2+deb11u4.debian.tar.xz
 eb54f25f5468eb78e44eaa81b11bf0120eaf30c0 17235 rails_6.0.3.7+dfsg-2+deb11u4_source.buildinfo
Checksums-Sha256:
 80dea9a7c1edd6d2daa3fb76b5a03959d2da0c5d2a0d2903a2a6cb25d7ded053 4935 rails_6.0.3.7+dfsg-2+deb11u4.dsc
 f1adfb152227b0b840a85f3c326db91191149021adb2c5afbed99c6d32a94582 13967752 rails_6.0.3.7+dfsg.orig.tar.xz
 01ecd3d5379f004da0b714b9a5ea2b1511a62c1271481cdfdc05e8696959ecfd 131476 rails_6.0.3.7+dfsg-2+deb11u4.debian.tar.xz
 85d72518e00ca087014c15dd1807c88e6a0bc433bd50a550b8a6617691dd30dc 17235 rails_6.0.3.7+dfsg-2+deb11u4_source.buildinfo
Files:
 4483eb4682c71e04cc098f4fa36d20eb 4935 ruby optional rails_6.0.3.7+dfsg-2+deb11u4.dsc
 9a2058e157560ede7b3a206d6f521d84 13967752 ruby optional rails_6.0.3.7+dfsg.orig.tar.xz
 6e729bba0afb6c5bc255ddadd34fbe54 131476 ruby optional rails_6.0.3.7+dfsg-2+deb11u4.debian.tar.xz
 041307d788a7b40e1ec8fb4cd5c583e9 17235 ruby optional rails_6.0.3.7+dfsg-2+deb11u4_source.buildinfo

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----