action needed
A new upstream version is available: 1.9.0
high
A new upstream version 1.9.0 is available, you should consider packaging it.
1 security issue in buster
high
There is 1 open security issue in buster.
1 important issue:
- CVE-2015-9284: The request phase of the OmniAuth Ruby gem is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on Rails framework, allowing accounts to be connected without user intent, user interaction, or feedback to the user. This permits a secondary account to be able to sign into the web application as the primary account.
1 security issue in stretch
high
There is 1 open security issue in stretch.
1 important issue:
- CVE-2015-9284: The request phase of the OmniAuth Ruby gem is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on Rails framework, allowing accounts to be connected without user intent, user interaction, or feedback to the user. This permits a secondary account to be able to sign into the web application as the primary account.
1 security issue in sid
high
There is 1 open security issue in sid.
1 important issue:
- CVE-2015-9284: The request phase of the OmniAuth Ruby gem is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on Rails framework, allowing accounts to be connected without user intent, user interaction, or feedback to the user. This permits a secondary account to be able to sign into the web application as the primary account.
1 security issue in jessie
high
There is 1 open security issue in jessie.
1 important issue:
- CVE-2015-9284: The request phase of the OmniAuth Ruby gem is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on Rails framework, allowing accounts to be connected without user intent, user interaction, or feedback to the user. This permits a secondary account to be able to sign into the web application as the primary account.
Standards version of the package is outdated.
wishlist
The package should be updated to follow the last version of Debian Policy
(Standards-Version 4.3.0 instead of
4.1.4).
![[bug history graph]](https://qa.debian.org/data/bts/graphs/r/ruby-omniauth.png){kind=link}