-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 28 Jan 2016 10:56:35 -0200 Source: rails Binary: ruby-activesupport ruby-activerecord ruby-activemodel ruby-activejob ruby-actionview ruby-actionpack ruby-actionmailer ruby-railties ruby-rails rails Architecture: source Version: 2:4.2.5.1-1 Distribution: unstable Urgency: high Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org> Changed-By: Antonio Terceiro <terceiro@debian.org> Description: rails - MVC ruby based framework geared for web application development ( ruby-actionmailer - email composition, delivery, and receiving framework (part of Rai ruby-actionpack - web-flow and rendering framework putting the VC in MVC (part of R ruby-actionview - framework for handling view template lookup and rendering (part o ruby-activejob - job framework with pluggable queues ruby-activemodel - toolkit for building modeling frameworks (part of Rails) ruby-activerecord - object-relational mapper framework (part of Rails) ruby-activesupport - Support and utility classes used by the Rails 4.1 framework ruby-rails - MVC ruby based framework geared for web application development ruby-railties - tools for creating, working with, and running Rails applications Changes: rails (2:4.2.5.1-1) unstable; urgency=high . * New upstream release. Includes fixes for the following several security issues: - [CVE-2015-7576] Timing attack vulnerability in basic authentication in Action Controller. - [CVE-2016-0751] Possible Object Leak and Denial of Service attack in Action Pack - [CVE-2015-7577] Nested attributes rejection proc bypass in Active Record. - [CVE-2016-0752] Possible Information Leak Vulnerability in Action View - [CVE-2016-0753] Possible Input Validation Circumvention in Active Model - [CVE-2015-7581] Object leak vulnerability for wildcard controller routes in Action Pack Checksums-Sha1: 533ccfb78c5aae0ca449acdff1c3cb6935827284 2541 rails_4.2.5.1-1.dsc 417669dc39c34c4cc04224a17deeeb4e94943f93 4175926 rails_4.2.5.1.orig.tar.gz 525f9cc6ee420a772b389ac4e9b1aa0699f56a9e 89376 rails_4.2.5.1-1.debian.tar.xz Checksums-Sha256: 9941d2707bf3079202ffd068e4440757d0e19c8e47001afca78ca875a4d3baab 2541 rails_4.2.5.1-1.dsc 713da4f88244101457b4de5d08007f4b373cb43c3982d72de70bb5c5145afb46 4175926 rails_4.2.5.1.orig.tar.gz 78879268308b353331c30c3cd77286af137932694153f149465b6abb0dadaba5 89376 rails_4.2.5.1-1.debian.tar.xz Files: 98985071b83cba77489ccc108c3ae8d1 2541 ruby optional rails_4.2.5.1-1.dsc 722f5665e01ad69968001d168a7fbb1b 4175926 ruby optional rails_4.2.5.1.orig.tar.gz 0be1048e77e2c6f9ba32b8a19d279406 89376 ruby optional rails_4.2.5.1-1.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJWqhIJAAoJEPwNsbvNRgveRncP/0TfzDIX3tR58WBOgBMxkfK/ kg1fOvOQXbm1jy5v7Je/8hzNS+6o98R4Kom8uoZhU4xWkoUzUl0QorlRH96aMzwo qXyaB3D/m1zSTMAYtUTvp46iKuZrtuPRSKrhGRqWrwz76Z4gh5MTyUPh/VriCJgW 3ZIPZPgZDgt0e3DYqzlKn1A+N9+tXempQjL8Q3MftmS6GyJ4ZM7g0R0q8BhN9mit HP2rSpx0A+GL6nBopMNv5jlUCr3U8R98haN7beyj5c6Zzgju9oG6Xpb8MyuiptYj ZrezBN8VRBPQJRl/bCsA7txRXSJAy7ndrBz4aHByGeS3zrPic7TEPLeiWW1BWF+D HQbm4G+RVMdUlt6CLLHuoHqAunWkl4jhYIs3fZ/HsJhfdvMtnEb9GYnqvvVnzwC/ apV+if2suQsV0ikdeu4ILO0p3z/ewY2pSmxkHQHCRHY+6XayFz3BBe2oAsiLPMzd VYVm7V/WCSvjHo2UizpHsxv3JLeN8Ad+6hsYTIMcrd9uP2bwCmAQOFGGzU27D+Yk f5F1wcpQhjczireLw4pZqobZsGi8jK7+4MA2YyuXEzMUbhhs7X1a3tYNuR64/D5c /VD4y593pv2LLPP8N+rQYRd+PHudSDl70jdz/6UkwdmKOVAqnpmWvrCfo4Z19vkr 6fxcdvAcXgZjhqjk8Utl =mlw+ -----END PGP SIGNATURE-----