rails - Debian Package Tracker

general

source: rails (main)
version: 2:6.1.7.3+dfsg-2
maintainer: Debian Ruby Team (archive) (DMD)
uploaders: Sruthi Chandran [DMD] – Utkarsh Gupta [DMD]
arch: all
std-ver: 4.6.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 2:5.2.2.1+dfsg-1+deb10u3
o-o-sec: 2:5.2.2.1+dfsg-1+deb10u5
o-o-bpo: 2:5.2.4.3+dfsg-2~bpo10+1
oldstable: 2:6.0.3.7+dfsg-2+deb11u2
old-sec: 2:6.0.3.7+dfsg-2+deb11u2
old-bpo: 2:6.1.7.3+dfsg-1~bpo11+1
stable: 2:6.1.7.3+dfsg-1
testing: 2:6.1.7.3+dfsg-2
unstable: 2:6.1.7.3+dfsg-2

versioned links

2:5.2.2.1+dfsg-1+deb10u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2:5.2.2.1+dfsg-1+deb10u5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2:5.2.4.3+dfsg-2~bpo10+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2:6.0.3.7+dfsg-2+deb11u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2:6.1.7.3+dfsg-1~bpo11+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2:6.1.7.3+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2:6.1.7.3+dfsg-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

rails (1 bugs: 0, 0, 1, 0)
ruby-actioncable
ruby-actionmailbox
ruby-actionmailer
ruby-actionpack
ruby-actiontext
ruby-actionview
ruby-activejob
ruby-activemodel
ruby-activerecord
ruby-activestorage
ruby-activesupport
ruby-rails
ruby-railties

action needed

A new upstream version is available: 6.1.7.6 high

A new upstream version 6.1.7.6 is available, you should consider packaging it.

Created: 2023-06-30 Last update: 2023-10-01 02:03

2 security issues in trixie high

There are 2 open security issues in trixie.

2 important issues:

CVE-2023-28362:
CVE-2023-38037:

Created: 2023-07-16 Last update: 2023-09-02 00:08

2 security issues in sid high

There are 2 open security issues in sid.

2 important issues:

CVE-2023-28362:
CVE-2023-38037:

Created: 2023-07-16 Last update: 2023-09-02 00:08

9 security issues in buster high

There are 9 open security issues in buster.

9 important issues:

CVE-2022-32224: A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record < 7.0.3.1, <6.1.6.1, <6.0.5.1 and <5.2.8.1 which could allow an attacker, that can manipulate data in the database (via means like SQL injection), the ability to escalate to an RCE.
CVE-2022-44566: A denial of service vulnerability present in ActiveRecord's PostgreSQL adapter <7.0.4.1 and <6.1.7.1. When a value outside the range for a 64bit signed integer is provided to the PostgreSQL connection adapter, it will treat the target column type as numeric. Comparing integer values against numeric values can result in a slow sequential scan resulting in potential Denial of Service.
CVE-2023-22792: A regular expression based DoS vulnerability in Action Dispatch <6.0.6.1,< 6.1.7.1, and <7.0.4.1. Specially crafted cookies, in combination with a specially crafted X_FORWARDED_HOST header can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately.
CVE-2023-22795: A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately.
CVE-2023-22796: A regular expression based DoS vulnerability in Active Support <6.1.7.1 and <7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability.
CVE-2023-23913:
CVE-2023-28120:
CVE-2023-28362:
CVE-2023-38037:

Created: 2022-09-14 Last update: 2023-09-02 00:08

4 security issues in bullseye high

There are 4 open security issues in bullseye.

4 important issues:

CVE-2022-32224: A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record < 7.0.3.1, <6.1.6.1, <6.0.5.1 and <5.2.8.1 which could allow an attacker, that can manipulate data in the database (via means like SQL injection), the ability to escalate to an RCE.
CVE-2022-44566: A denial of service vulnerability present in ActiveRecord's PostgreSQL adapter <7.0.4.1 and <6.1.7.1. When a value outside the range for a 64bit signed integer is provided to the PostgreSQL connection adapter, it will treat the target column type as numeric. Comparing integer values against numeric values can result in a slow sequential scan resulting in potential Denial of Service.
CVE-2023-28362:
CVE-2023-38037:

Created: 2022-07-04 Last update: 2023-09-02 00:08

2 security issues in bookworm high

There are 2 open security issues in bookworm.

2 important issues:

CVE-2023-28362:
CVE-2023-38037:

Created: 2023-07-16 Last update: 2023-09-02 00:08

lintian reports 3 errors and 5 warnings high

Lintian reports 3 errors and 5 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2023-03-26 Last update: 2023-06-26 10:35

debian/patches: 8 patches to forward upstream low

Among the 19 debian patches available in version 2:6.1.7.3+dfsg-2 of the package, we noticed the following issues:

8 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-02-26 Last update: 2023-06-26 11:32

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.2 instead of 4.6.0).

Created: 2022-05-11 Last update: 2023-06-26 04:49

testing migrations

This package is part of the ongoing testing transition known as auto-upperlimit-ruby-minitest. Please avoid uploads unrelated to this transition, they would likely delay it and require supplementary work from the release managers. On the other hand, if your package has problems preventing it to migrate to testing, please fix them as soon as possible. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.

news

[rss feed]

[2023-06-28] rails 2:6.1.7.3+dfsg-2 MIGRATED to testing (Debian testing watch)
[2023-06-25] Accepted rails 2:6.1.7.3+dfsg-2 (source) into unstable (Georg Faerber)
[2023-05-13] Accepted rails 2:6.1.7.3+dfsg-1~bpo11+1 (source all) into bullseye-backports (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2023-04-16] Accepted rails 2:6.0.3.7+dfsg-2+deb11u2 (source) into proposed-updates (Debian FTP Masters) (signed by: Aron Xu)
[2023-04-14] Accepted rails 2:6.0.3.7+dfsg-2+deb11u2 (source) into stable-security (Debian FTP Masters) (signed by: Aron Xu)
[2023-03-31] rails 2:6.1.7.3+dfsg-1 MIGRATED to testing (Debian testing watch)
[2023-03-25] Accepted rails 2:6.1.7.3+dfsg-1 (source) into unstable (Lucas Nussbaum)
[2023-03-15] Accepted rails 2:6.0.3.7+dfsg-2+deb11u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Aron Xu)
[2023-03-13] Accepted rails 2:6.0.3.7+dfsg-2+deb11u1 (source) into stable-security (Debian FTP Masters) (signed by: Aron Xu)
[2023-02-10] Accepted rails 2:6.1.7+dfsg-3~bpo11+2 (source all) into bullseye-backports (Utkarsh Gupta)
[2023-02-09] Accepted rails 2:6.1.7+dfsg-3~bpo11+1 (source all) into bullseye-backports (Debian FTP Masters) (signed by: Utkarsh Gupta)
[2022-12-12] rails 2:6.1.7+dfsg-3 MIGRATED to testing (Debian testing watch)
[2022-12-09] Accepted rails 2:6.1.7+dfsg-3 (source) into unstable (Antonio Terceiro)
[2022-11-01] rails 2:6.1.7+dfsg-2 MIGRATED to testing (Debian testing watch)
[2022-10-29] Accepted rails 2:6.1.7+dfsg-2 (source) into unstable (Nilesh Patra)
[2022-09-16] rails 2:6.1.7+dfsg-1 MIGRATED to testing (Debian testing watch)
[2022-09-14] Accepted rails 2:5.2.2.1+dfsg-1+deb10u5 (source all) into oldstable (Abhijith PA)
[2022-09-12] Accepted rails 2:6.1.7+dfsg-1 (source) into unstable (Utkarsh Gupta)
[2022-09-10] rails 2:6.1.6.1+dfsg-4 MIGRATED to testing (Debian testing watch)
[2022-09-07] Accepted rails 2:6.1.6.1+dfsg-4 (source) into unstable (Utkarsh Gupta)
[2022-09-05] Accepted rails 2:6.1.6.1+dfsg-3 (source) into unstable (Utkarsh Gupta)
[2022-09-05] Accepted rails 2:6.1.6.1+dfsg-2 (source) into unstable (Utkarsh Gupta)
[2022-09-04] Accepted rails 2:5.2.2.1+dfsg-1+deb10u4 (source all) into oldstable (Abhijith PA)
[2022-08-23] Accepted rails 2:6.1.6.1+dfsg-1 (source) into unstable (Gabriela Pivetta) (signed by: Utkarsh Gupta)
[2022-06-23] rails 2:6.1.4.7+dfsg-2 MIGRATED to testing (Debian testing watch)
[2022-06-21] Accepted rails 2:6.1.4.7+dfsg-2 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2022-06-20] Accepted rails 2:6.1.4.7+dfsg-1 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2022-06-04] rails 2:6.1.4.6+dfsg-3 MIGRATED to testing (Debian testing watch)
[2022-06-01] Accepted rails 2:6.1.4.6+dfsg-3 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2022-05-02] rails 2:6.1.4.6+dfsg-2 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 5
RC: 0
I&N: 3
M&W: 2
F&P: 0
patch: 0

links

homepage
lintian (3, 5)
buildd: logs, reproducibility
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2:6.1.7.3+dfsg-2build1
6 bugs