Accepted: rails 1.2.5-1 (source)
Ubuntu Installer
archive at ubuntu.com
Mon Nov 19 10:38:47 GMT 2007
Accepted:
OK: rails_1.2.5.orig.tar.gz
OK: rails_1.2.5-1.diff.gz
OK: rails_1.2.5-1.dsc
-> Component: universe Section: web
Origin: Debian/unstable
Format: 1.7
Date: Mon, 19 Nov 2007 10:11:03 +0000
Source: rails
Binary: rails
Architecture: source
Version: 1.2.5-1
Distribution: hardy
Urgency: high
Maintainer: Adam Majer <adamm at zombino.com>
Changed-By: William Grant <william at qeuni.net>
Description:
rails - MVC ruby based framework geared for web application development
Changes:
 rails (1.2.5-1) unstable; urgency=high
 .
   * This is a new upstream release that addresses problems not
     corrected in 1.2.4 or regressions.
     + to_json XSS [CVE-2007-3227] is really closed now
     + Potential Information Disclosure or DoS with Hash#from_xml
       [CVE-2007-5379]
     + Session Fixation attacks. [CVE-2007-5380] URL based sessions are
       now disabled by default. Session ids are only accepted from
       cookies by default now.
   [Micah Anderson]
   * Urgency set to high due to security issues addressed
Files:
f3504e64530737fe20b0531a1fd3c456 1598999 web optional rails_1.2.5.orig.tar.gz
a4fbc6914535d2eaddf0a1dbb7950ffa 27432 web optional rails_1.2.5-1.diff.gz
8969b125be7449232c9f00af1cfcdc01 607 web optional rails_1.2.5-1.dsc