-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 04 Dec 2013 11:13:41 +0100 Source: rails-3.2 Binary: ruby-activesupport-3.2 ruby-activerecord-3.2 ruby-activeresource-3.2 ruby-activemodel-3.2 ruby-actionpack-3.2 ruby-actionmailer-3.2 ruby-railties-3.2 ruby-rails-3.2 rails3 Architecture: source all Version: 3.2.16-3+0 Distribution: unstable Urgency: medium Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org> Changed-By: Ondřej Surý <ondrej@debian.org> Description: rails3 - MVC ruby based framework geared for web application development ruby-actionmailer-3.2 - email composition, delivery, and receiving framework (part of Rai ruby-actionpack-3.2 - web-flow and rendering framework putting the VC in MVC (part of R ruby-activemodel-3.2 - toolkit for building modeling frameworks (part of Rails) ruby-activerecord-3.2 - object-relational mapper framework (part of Rails) ruby-activeresource-3.2 - REST modeling framework (part of Rails) ruby-activesupport-3.2 - Support and utility classes used by the Rails 3.2 framework ruby-rails-3.2 - MVC ruby based framework geared for web application development ruby-railties-3.2 - MVC ruby based framework geared for web application development Changes: rails-3.2 (3.2.16-3+0) unstable; urgency=medium . [ Ondřej Surý ] * Repack rails-3.2 based on the rails-4.0 packaging + Ignore all test results (for now) * New upstream version 3.2.16, fixes: + [CVE-2013-6417] Incomplete fix to CVE-2013-0155 (Unsafe Query Generation Risk) + [CVE-2013-4491] Reflective XSS Vulnerability in Ruby on Rails + [CVE-2013-6415] XSS Vulnerability in number_to_currency + [CVE-2013-6414] Denial of Service Vulnerability in Action View . [ Antonio Terceiro ] * This source package includes all of the Rails components and supersedes the ones in the following individual packages: - rails3 - ruby-actionmailer-3.2 - ruby-actionpack-3.2 - ruby-activemodel-3.2 - ruby-activerecord-3.2 - ruby-activeresource-3.2 - ruby-activesupport-3.2 - ruby-rails-3.2 - ruby-railties-3.2 * Changes with regards to current packages: - a basic as-installed test suite was added in debian/tests. Right now we will know when some dependency breaks the very basic use case of a new rails app, and as it evolves we will also catch more subtle problems. - Some dependencies were relaxed so they can be satisfied by packages in the archive which are newer than they were when rails 3 was released. - ruby-rails-3.2 now recommends packages needed to run the empty application created by `rails new` Checksums-Sha1: 19939e9a0a794908b240a9e8cab6fe241976dc7a 2549 rails-3.2_3.2.16-3+0.dsc 3de5a6a473be2586f24c1aac2dd81fb3ab20b4e4 3566631 rails-3.2_3.2.16.orig.tar.gz 7edc778b2263adf259e3d71f0b7fddbff596a86c 12968 rails-3.2_3.2.16-3+0.debian.tar.xz cd9f502c64d860ab9f1b42d09690081de7c705a3 187398 ruby-activesupport-3.2_3.2.16-3+0_all.deb 48aac9e38720f142d2c76d44f36f1d2ecbe39405 216122 ruby-activerecord-3.2_3.2.16-3+0_all.deb 0ade0d479f63c559ffb5c5b5be9f9d2d1799d25b 37612 ruby-activeresource-3.2_3.2.16-3+0_all.deb 17d877441476cfbf4d94267e6a49d70f65a89e4a 45848 ruby-activemodel-3.2_3.2.16-3+0_all.deb d076a4f8d2514db4280fe2f9b077d6e64432ba93 248598 ruby-actionpack-3.2_3.2.16-3+0_all.deb 2b9642b0449d76b9ee95e8f4a6076204caacd9b6 26414 ruby-actionmailer-3.2_3.2.16-3+0_all.deb 4f006c6943212ac8c5c7c7dfa37bf13b2be0a3b1 112282 ruby-railties-3.2_3.2.16-3+0_all.deb b100cf28a370af01f60b0d24c1a620d8624cc097 11412 ruby-rails-3.2_3.2.16-3+0_all.deb 6e5e6283bd46c2f792f58d97d1a390543f8851e1 9104 rails3_3.2.16-3+0_all.deb Checksums-Sha256: 890c36eb1f711ba310e0931e989b8f1150117a134c766ed85f7ee255805397c4 2549 rails-3.2_3.2.16-3+0.dsc 8fe61b98496e40d8aaef5f8db217f2aad56c9add1bf8417c37a0cbd24f74a57e 3566631 rails-3.2_3.2.16.orig.tar.gz 0196860be3bfd34e7fd767cf80a6c0c50d778ef73a73b8a1361dad46a04763eb 12968 rails-3.2_3.2.16-3+0.debian.tar.xz 868c3f90e71d4a71d0d5e2ae6c25388b5011a5913754545ebf58735a051583ec 187398 ruby-activesupport-3.2_3.2.16-3+0_all.deb 9b23ab5f266efe2b48c2691e034b0d9ea609c06b8575d7ad5f0c6f1d5b39571a 216122 ruby-activerecord-3.2_3.2.16-3+0_all.deb 990a83e72b3f340d26c555ded5af4a87c8546f820d26175524a3c3fe2439908a 37612 ruby-activeresource-3.2_3.2.16-3+0_all.deb 8128e9bf2b88b932f6496de5ed209d990f30e979dff26bc1fb609b633d4e39bd 45848 ruby-activemodel-3.2_3.2.16-3+0_all.deb 23a450d9413055fa1cceee3d9c1eb140ee43df9f5029c88d98ecb7dc383d1552 248598 ruby-actionpack-3.2_3.2.16-3+0_all.deb 09d8e671f81df99c23f6b2f01c46d790dacb3610fcdbdee699fe0fc29b477a78 26414 ruby-actionmailer-3.2_3.2.16-3+0_all.deb 78bdb2c094385a98a5949019d801111bbde6bd3141e9720be722c6be545e7428 112282 ruby-railties-3.2_3.2.16-3+0_all.deb ce66b6503c6c7b6345fd6ffe2e92e6d3a097ed4ed260d1595fae994859cab9f5 11412 ruby-rails-3.2_3.2.16-3+0_all.deb 3b95ed17ca3add91b999894ff11e4ba535a59347b6b32394f9707dcda8c63a97 9104 rails3_3.2.16-3+0_all.deb Files: 514db9cdbe4a6c40a8b203334118fc03 2549 ruby optional rails-3.2_3.2.16-3+0.dsc 707257469d8180a5b26c22f3c821ecd4 3566631 ruby optional rails-3.2_3.2.16.orig.tar.gz 6289a0cc926a50060550320b31595e01 12968 ruby optional rails-3.2_3.2.16-3+0.debian.tar.xz bb437be3814d368d336036a43d2bbb45 187398 ruby optional ruby-activesupport-3.2_3.2.16-3+0_all.deb 14ffa961e3e9dc0c87c2d2a031696a7b 216122 ruby optional ruby-activerecord-3.2_3.2.16-3+0_all.deb ac7781e743ca7278c7e9412671d24d5c 37612 ruby optional ruby-activeresource-3.2_3.2.16-3+0_all.deb 9dd32c581714e9485f55bd649162adf9 45848 ruby optional ruby-activemodel-3.2_3.2.16-3+0_all.deb e80bb432b4a5da36eb85b9c8cbfc4911 248598 ruby optional ruby-actionpack-3.2_3.2.16-3+0_all.deb 40ef9eb362a6dde2aea1b0cfdac8b82b 26414 ruby optional ruby-actionmailer-3.2_3.2.16-3+0_all.deb ebf64edf0add92487ee0708acd43352e 112282 ruby optional ruby-railties-3.2_3.2.16-3+0_all.deb b2b4c6d1988253a17232d7f41a365a11 11412 ruby optional ruby-rails-3.2_3.2.16-3+0_all.deb 31eaaba0f5dc361424023eb849c1cca9 9104 ruby optional rails3_3.2.16-3+0_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJS2AmXAAoJEPwNsbvNRgveJIQQALmq0Z33XXug2G86142pToh2 wAqyNcv2Lhsrxy0+cB0sc2JhT1JvHc9BKHBwP+3qL1v696p6zBPoS8nn/BOfkSQt k+E+qxN9bjfSZgdZGllGlD+pRx1CENZHW5ZUp5uX+nrwTyQPX6WzF0k2gSh/N3n0 6qhMMAWqhbOWRrO01RrMweUzj4eRL9INMqmBIoc9ue/LPSC6kGaKSMmH5BSlZdeS NSA4QGC7IBTGeNGEtqQxW0waXKaSPwFv+2T72sDMAfO6g8nG6Hoa3PFI1lzzeKx0 pdVDyPwgS5I9ySv/Ne7o4T37/2vXT0lx51WKNVuyu3MYN04Sn4DGeTTv+J4NenYY dFNX9z9jJetuAEUIcewb/Pewl5+M0mRGYRCOMgp9+1UU2yJ+zr4esLjW6jGkipSp XpWkZUFZiX2qvGrjwj2kQ1U18eXAY6w5SyUgmqZ+ObopXbLGbbqyKzWd8vjTUsGL Dsk3IJ5mrPtpWTCXMLn0wbljDIxG6vGANTnfbwd2qO4/jHbyNe6T79wKYYGnhh04 giM2j5Np/JiKiKi6tQpoQcWK4y/e1ug+0jSqgNzDUXBcTdDXHuW2QC2ikANWYomu f/4w72N26sXBpd1WzVDzJAOx4WwrfnRAQUZ/MDH6B5u9kQWrItRPxoqDYpcF0Kbj VFCJ6dnxf1c0QxdrGpwB =BTIw -----END PGP SIGNATURE-----