-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Fri, 10 Aug 2012 13:08:08 -0300 Source: ruby-actionpack-3.2 Binary: ruby-actionpack-3.2 Architecture: source all Version: 3.2.6-4 Distribution: unstable Urgency: high Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org> Changed-By: Antonio Terceiro <terceiro@debian.org> Description: ruby-actionpack-3.2 - web-flow and rendering framework putting the VC in MVC (part of R Closes: 684454 Changes: ruby-actionpack-3.2 (3.2.6-4) unstable; urgency=high . * Add patches for security problems (Closes: #684454): + CVE-2012-3463 - Ruby on Rails Potential XSS Vulnerability in select_tag prompt + CVE-2012-3465 - XSS Vulnerability in strip_tags + Both patches were edited from their original versions in two ways: - the leading a/ and b/ from the filenames were stripped - changes over test files were removed, since the Debian package contains no test files. Checksums-Sha1: 38d9541007135c215ea4a6c3de5517638d33e6e8 1683 ruby-actionpack-3.2_3.2.6-4.dsc c598b0bc82b33735f7061846ebee54a212eb2808 4307 ruby-actionpack-3.2_3.2.6-4.debian.tar.gz d1ecf1fe0596cc5e714a28fd9e93c4dd5dd3f85f 387618 ruby-actionpack-3.2_3.2.6-4_all.deb Checksums-Sha256: f110bcba58e48a2aad548830c892d661c63113fb5a1c5b182d9741dfd66fc697 1683 ruby-actionpack-3.2_3.2.6-4.dsc 2e1266853a1ffd22e456bbad283b0fdcf1eb04b1f1b92fe9f863f164b588844a 4307 ruby-actionpack-3.2_3.2.6-4.debian.tar.gz c5bd73bbf085d8059fb3ff4459d19aa97380aa0a6ae9442f41184ec27aaa0d21 387618 ruby-actionpack-3.2_3.2.6-4_all.deb Files: d1b71c00580f03e8d8bd9c9140d0a51a 1683 ruby optional ruby-actionpack-3.2_3.2.6-4.dsc 9baaa0b914285aef6f15de0c52ad78a5 4307 ruby optional ruby-actionpack-3.2_3.2.6-4.debian.tar.gz 5029f55804c25a69d7fcf345d1439a8b 387618 ruby optional ruby-actionpack-3.2_3.2.6-4_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAlAlQtMACgkQDOM8kQ+cso8q3QCdGRsTvclVtO4dTxFfFgKxDZol AQwAnj3QNOWjvuluYm/xKviLrlpZZSLG =ZyG4 -----END PGP SIGNATURE-----