[Bug 1035543] [NEW] Sync ruby-actionpack-3.2 3.2.6-4 (universe) from Debian unstable (main)
Logan Rosen
1035543 at bugs.launchpad.net
Sat Aug 11 04:51:26 UTC 2012
Public bug reported:
Please sync ruby-actionpack-3.2 3.2.6-4 (universe) from Debian unstable (main)

Changelog entries since current quantal version 3.2.6-3:

ruby-actionpack-3.2 (3.2.6-4) unstable; urgency=high

  * Add patches for security problems (Closes: #684454):
    + CVE-2012-3463 - Ruby on Rails Potential XSS Vulnerability in select_tag prompt
    + CVE-2012-3465 - XSS Vulnerability in strip_tags
    + Both patches were edited from their original versions in two ways:
      - the leading a/ and b/ from the filenames were stripped
      - changes over test files were removed, since the Debian package contains no test files.

 -- Antonio Terceiro <terceiro at debian.org>  Fri, 10 Aug 2012 13:08:08 -0300

** Affects: ruby-actionpack-3.2 (Ubuntu)
Importance: Undecided
Status: New
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-3463
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-3465
https://bugs.launchpad.net/bugs/1035543