Format: 1.8
Date: Mon, 11 May 2026 08:45:38 +0200
Source: rails
Architecture: source
Version: 2:6.0.3.7+dfsg-2+deb11u5
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Ruby Team <pkg-ruby-extras-maintainers@lists.alioth.debian.org>
Changed-By: Sylvain Beucler <beuc@debian.org>
Closes: 1016140
Changes:
 rails (2:6.0.3.7+dfsg-2+deb11u5) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2022-32224: A possible escalation to RCE vulnerability exists
     when using YAML serialized columns in Active Record which could
     allow an attacker, that can manipulate data in the database (via
     means like SQL injection), the ability to escalate to an RCE.
     (Closes: #1016140)
   * CVE 2023-28120: fix patch.
   * Update Salsa-CI for LTS.
   * Fix Lintian source overrides.
   * CVE 2023-22792: fix tests.