Format: 1.8
Date: Sat, 27 Aug 2016 17:18:31 +0200
Source: ruby-actionpack-3.2
Binary: ruby-actionpack-3.2
Architecture: source all
Version: 3.2.6-6+deb7u3
Distribution: wheezy-security
Urgency: medium
Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>
Changed-By: Guido Günther <agx@sigxcpu.org>
Description:
 ruby-actionpack-3.2 - web-flow and rendering framework putting the VC in MVC (part of R
Changes:
 ruby-actionpack-3.2 (3.2.6-6+deb7u3) wheezy-security; urgency=medium
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2016-6316 Ensure tag/content_tag escapes " in attribute values
   * Ensure values are strings before calling gsub. This unbreaks CVE-2016-6316.
   * CVE-2016-2098 Don't allow render(params) in view/controller
   * CVE-2016-0752 Allow :file to be outside rails root
   * CVE-2016-2097 Complete work on 3.2 for render_data_leak patch.
   * CVE-2016-0751 stop caching mime types globally
   * CVE-2015-7576 use secure string comparisons for basic auth username/password
Checksums-Sha1:
 68973337aed4e9492bc0875f825c8b96599cae6c 2319 ruby-actionpack-3.2_3.2.6-6+deb7u3.dsc
 dd31cf3abc57aece50d3aeab991a5aa21d9ab840 16970 ruby-actionpack-3.2_3.2.6-6+deb7u3.debian.tar.gz
 00f341e5f798b2c49714166664d71fbfa61bb274 387564 ruby-actionpack-3.2_3.2.6-6+deb7u3_all.deb
Checksums-Sha256:
 47de511873d8c3ee43e449575c0269b851d3f6a2a3e9a05ecf7649eb80bd6872 2319 ruby-actionpack-3.2_3.2.6-6+deb7u3.dsc
 8068e3c0c98c3d44f51832194ee4cc38640fb22f8179f17505dfe70b675b97c5 16970 ruby-actionpack-3.2_3.2.6-6+deb7u3.debian.tar.gz
 b55f012d72adb67fffe1c78cf8baff682de2365866b9056d27c2e09cbc959824 387564 ruby-actionpack-3.2_3.2.6-6+deb7u3_all.deb
Files:
 546e42a335cd39ada87dff4caf82bb34 2319 ruby optional ruby-actionpack-3.2_3.2.6-6+deb7u3.dsc
 62bcb4ad5081d090acfe336b109c5cbb 16970 ruby optional ruby-actionpack-3.2_3.2.6-6+deb7u3.debian.tar.gz
 8e1804000fe63eb37ff0d3e80a850c19 387564 ruby optional ruby-actionpack-3.2_3.2.6-6+deb7u3_all.deb