Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

CVE-2012-1099: Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_options_helper.rb in the select helper in Ruby on Rails 3.0.x

Related Vulnerabilities: CVE-2012-1099   CVE-2012-1098  

Source

Debian Bug report logs - #668607
CVE-2012-1099: Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_options_helper.rb in the select helper in Ruby on Rails 3.0.x

version graph

Package: rails; Maintainer for rails is Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>; Source for rails is src:rails (PTS, buildd, popcon).

Reported by: Moritz Muehlenhoff <muehlenhoff@univention.de>

Date: Fri, 13 Apr 2012 12:36:13 UTC

Severity: grave

Tags: security

Fixed in versions ruby-actionpack-2.3/2.3.14-3, rails/2.3.5-1.2+squeeze3

Done: Ondřej Surý <ondrej@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>:
Bug#668607; Package rails. (Fri, 13 Apr 2012 12:36:16 GMT) (full text, mbox, link).

Acknowledgement sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>. (Fri, 13 Apr 2012 12:36:25 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Moritz Muehlenhoff <muehlenhoff@univention.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2012-1098 / CVE-2012-1099
Date: Fri, 13 Apr 2012 14:24:38 +0200
Package: rails
Severity: grave
Tags: security

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1098
http://groups.google.com/group/rubyonrails-security/browse_thread/thread/edd28f1e3d04e913?pli=1

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1099:
http://groups.google.com/group/rubyonrails-security/browse_thread/thread/9da0c515a6c4664

Cheers,
        Moritz

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>:
Bug#668607; Package rails. (Fri, 13 Apr 2012 13:57:07 GMT) (full text, mbox, link).

Acknowledgement sent to Ondřej Surý <ondrej@sury.org>:
Extra info received and forwarded to list. Copy sent to Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>. (Fri, 13 Apr 2012 13:57:08 GMT) (full text, mbox, link).

Message #10 received at 668607@bugs.debian.org (full text, mbox, reply):

From: Ondřej Surý <ondrej@sury.org>
To: Moritz Muehlenhoff <muehlenhoff@univention.de>, 668607@bugs.debian.org, team@security.debian.org
Subject: Re: Bug#668607: CVE-2012-1098 / CVE-2012-1099
Date: Fri, 13 Apr 2012 15:55:10 +0200
[Message part 1 (text/plain, inline)]
Hi Moritz,

thanks for reminder.

On Fri, Apr 13, 2012 at 14:24, Moritz Muehlenhoff
<muehlenhoff@univention.de> wrote:
> Package: rails
> Severity: grave
> Tags: security
>
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1098
> http://groups.google.com/group/rubyonrails-security/browse_thread/thread/edd28f1e3d04e913?pli=1

The vulnerable code isn't present in the rail-2.3 (which doesn't mean
that rails 2.3 is not vulnerable, just that we cannot fix that)

> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1099:
> http://groups.google.com/group/rubyonrails-security/browse_thread/thread/9da0c515a6c4664

I have adapted upstream patch to rails-2.3, the code seems to be
reasonably similar to 3.x.

$ diffstat rails_2.3.5-1.2+squeeze3.debdiff
 changelog                   |    8 +++++++
 patches/CVE-2012-1099.patch |   46 ++++++++++++++++++++++++++++++++++++++++++++
 patches/series              |    1
 3 files changed, 55 insertions(+)

debdiff, dsc and debian.tar.gz attached

Ondrej
-- 
Ondřej Surý <ondrej@sury.org>

[rails_2.3.5-1.2+squeeze3.debdiff (application/octet-stream, attachment)]
[rails_2.3.5-1.2+squeeze3.debian.tar.gz (application/x-gzip, attachment)]
[rails_2.3.5-1.2+squeeze3.dsc (application/octet-stream, attachment)]

Reply sent to Ondřej Surý <ondrej@debian.org>:
You have taken responsibility. (Fri, 13 Apr 2012 14:54:44 GMT) (full text, mbox, link).

Notification sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
Bug acknowledged by developer. (Fri, 13 Apr 2012 14:54:47 GMT) (full text, mbox, link).

Message #15 received at 668607-close@bugs.debian.org (full text, mbox, reply):

From: Ondřej Surý <ondrej@debian.org>
To: 668607-close@bugs.debian.org
Subject: Bug#668607: fixed in ruby-actionpack-2.3 2.3.14-3
Date: Fri, 13 Apr 2012 14:51:47 +0000
Source: ruby-actionpack-2.3
Source-Version: 2.3.14-3

We believe that the bug you reported is fixed in the latest version of
ruby-actionpack-2.3, which is due to be installed in the Debian FTP archive:

ruby-actionpack-2.3_2.3.14-3.debian.tar.gz
  to main/r/ruby-actionpack-2.3/ruby-actionpack-2.3_2.3.14-3.debian.tar.gz
ruby-actionpack-2.3_2.3.14-3.dsc
  to main/r/ruby-actionpack-2.3/ruby-actionpack-2.3_2.3.14-3.dsc
ruby-actionpack-2.3_2.3.14-3_all.deb
  to main/r/ruby-actionpack-2.3/ruby-actionpack-2.3_2.3.14-3_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 668607@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ondřej Surý <ondrej@debian.org> (supplier of updated ruby-actionpack-2.3 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 13 Apr 2012 15:39:31 +0200
Source: ruby-actionpack-2.3
Binary: ruby-actionpack-2.3
Architecture: source all
Version: 2.3.14-3
Distribution: unstable
Urgency: low
Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>
Changed-By: Ondřej Surý <ondrej@debian.org>
Description: 
 ruby-actionpack-2.3 - Controller and View framework used by Rails
Closes: 668607
Changes: 
 ruby-actionpack-2.3 (2.3.14-3) unstable; urgency=low
 .
   * Fix vulnerability for users that generate their own options tags for
     use with the select helper in Ruby On Rails [CVE-2012-1099]
     (Closes: #668607)
Checksums-Sha1: 
 60fba8512b3cb5c6fc890aee5504825fc8aa6224 1674 ruby-actionpack-2.3_2.3.14-3.dsc
 02ef53c4369a84e7d8f0fded2921208623b4c00a 10618 ruby-actionpack-2.3_2.3.14-3.debian.tar.gz
 ffa2be2ed35e4c1339c3d6e79bf4a33ce21ee4cb 367178 ruby-actionpack-2.3_2.3.14-3_all.deb
Checksums-Sha256: 
 d78549402dfc8398d53a972c8217a327d12b840baff9d5d579a824f51164f5f7 1674 ruby-actionpack-2.3_2.3.14-3.dsc
 5cc5a4371905fa9faa448e2f158dde2a28dfb81351180d737d1fe732ed9e05ee 10618 ruby-actionpack-2.3_2.3.14-3.debian.tar.gz
 c1c5dd1f13d8082ac3d69db62780aeb80b33cb2456cd29cde684e5d70bca18ae 367178 ruby-actionpack-2.3_2.3.14-3_all.deb
Files: 
 ff7fb7c89e3ac8d4e253c36103ed6196 1674 ruby optional ruby-actionpack-2.3_2.3.14-3.dsc
 4bddf2c94ac9475eee1a838cabce6921 10618 ruby optional ruby-actionpack-2.3_2.3.14-3.debian.tar.gz
 ee604a885d8341301c384040f3f4d65f 367178 ruby optional ruby-actionpack-2.3_2.3.14-3_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAk+ILxAACgkQ9OZqfMIN8nMpAACdEsxoaSTnocYX/kk3WwP/3qfC
8jUAnjqvV2ebYmrWFx/kbOTU1WBd3r+r
=wMC9
-----END PGP SIGNATURE-----

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>:
Bug#668607; Package rails. (Fri, 13 Apr 2012 16:27:08 GMT) (full text, mbox, link).

Acknowledgement sent to Nico Golde <nion@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>. (Fri, 13 Apr 2012 16:27:08 GMT) (full text, mbox, link).

Message #20 received at 668607@bugs.debian.org (full text, mbox, reply):

From: Nico Golde <nion@debian.org>
To: Ondřej Surý <ondrej@sury.org>
Cc: Moritz Muehlenhoff <muehlenhoff@univention.de>, 668607@bugs.debian.org, team@security.debian.org
Subject: Re: Bug#668607: CVE-2012-1098 / CVE-2012-1099
Date: Fri, 13 Apr 2012 18:25:47 +0200
[Message part 1 (text/plain, inline)]
Hi,
* Ondřej Surý <ondrej@sury.org> [2012-04-13 15:56]:
> On Fri, Apr 13, 2012 at 14:24, Moritz Muehlenhoff
> <muehlenhoff@univention.de> wrote:
> > Package: rails
> > Severity: grave
> > Tags: security
> >
> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1098
> > http://groups.google.com/group/rubyonrails-security/browse_thread/thread/edd28f1e3d04e913?pli=1
> 
> The vulnerable code isn't present in the rail-2.3 (which doesn't mean
> that rails 2.3 is not vulnerable, just that we cannot fix that)
> 
> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1099:
> > http://groups.google.com/group/rubyonrails-security/browse_thread/thread/9da0c515a6c4664
> 
> I have adapted upstream patch to rails-2.3, the code seems to be
> reasonably similar to 3.x.
> 
> $ diffstat rails_2.3.5-1.2+squeeze3.debdiff
>  changelog                   |    8 +++++++
>  patches/CVE-2012-1099.patch |   46 ++++++++++++++++++++++++++++++++++++++++++++
>  patches/series              |    1
>  3 files changed, 55 insertions(+)
> 
> debdiff, dsc and debian.tar.gz attached

Looks good. Please go ahead and upload this to security-master.

Thank you!
Nico
-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.

[Message part 2 (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>:
Bug#668607; Package rails. (Sun, 15 Apr 2012 08:57:08 GMT) (full text, mbox, link).

Acknowledgement sent to Ondřej Surý <ondrej@sury.org>:
Extra info received and forwarded to list. Copy sent to Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>. (Sun, 15 Apr 2012 08:57:08 GMT) (full text, mbox, link).

Message #25 received at 668607@bugs.debian.org (full text, mbox, reply):

From: Ondřej Surý <ondrej@sury.org>
To: 668607@bugs.debian.org, team@security.debian.org
Subject: Re: Bug#668607: CVE-2012-1098 / CVE-2012-1099
Date: Sun, 15 Apr 2012 10:53:12 +0200
On Fri, Apr 13, 2012 at 18:25, Nico Golde <nion@debian.org> wrote:
> Hi,
> * Ondřej Surý <ondrej@sury.org> [2012-04-13 15:56]:
>> On Fri, Apr 13, 2012 at 14:24, Moritz Muehlenhoff
>> <muehlenhoff@univention.de> wrote:
>> > Package: rails
>> > Severity: grave
>> > Tags: security
>> >
>> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1098
>> > http://groups.google.com/group/rubyonrails-security/browse_thread/thread/edd28f1e3d04e913?pli=1
>>
>> The vulnerable code isn't present in the rail-2.3 (which doesn't mean
>> that rails 2.3 is not vulnerable, just that we cannot fix that)
>>
>> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1099:
>> > http://groups.google.com/group/rubyonrails-security/browse_thread/thread/9da0c515a6c4664
>>
>> I have adapted upstream patch to rails-2.3, the code seems to be
>> reasonably similar to 3.x.
>>
>> $ diffstat rails_2.3.5-1.2+squeeze3.debdiff
>>  changelog                   |    8 +++++++
>>  patches/CVE-2012-1099.patch |   46 ++++++++++++++++++++++++++++++++++++++++++++
>>  patches/series              |    1
>>  3 files changed, 55 insertions(+)
>>
>> debdiff, dsc and debian.tar.gz attached
>
> Looks good. Please go ahead and upload this to security-master.

Thanks, uploaded.

For unstable it has been fixed in:
ruby-actionpack-2.3 (2.3.14-3) unstable; urgency=low

  * Fix vulnerability for users that generate their own options tags for
    use with the select helper in Ruby On Rails [CVE-2012-1099]
    (Closes: #668607)

 -- Ondřej Surý <ondrej@debian.org>  Fri, 13 Apr 2012 15:39:31 +0200

O.
-- 
Ondřej Surý <ondrej@sury.org>

Bug 668607 cloned as bug 668977 Request was from Ondřej Surý <ondrej@debian.org> to control@bugs.debian.org. (Mon, 16 Apr 2012 08:39:03 GMT) (full text, mbox, link).

Changed Bug title to 'CVE-2012-1099: Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_options_helper.rb in the select helper in Ruby on Rails 3.0.x' from 'CVE-2012-1098 / CVE-2012-1099' Request was from Ondřej Surý <ondrej@debian.org> to control@bugs.debian.org. (Mon, 16 Apr 2012 08:39:05 GMT) (full text, mbox, link).

Reply sent to Ondřej Surý <ondrej@debian.org>:
You have taken responsibility. (Sat, 12 May 2012 17:21:03 GMT) (full text, mbox, link).

Notification sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
Bug acknowledged by developer. (Sat, 12 May 2012 17:21:03 GMT) (full text, mbox, link).

Message #34 received at 668607-close@bugs.debian.org (full text, mbox, reply):

From: Ondřej Surý <ondrej@debian.org>
To: 668607-close@bugs.debian.org
Subject: Bug#668607: fixed in rails 2.3.5-1.2+squeeze3
Date: Sat, 12 May 2012 17:17:11 +0000
Source: rails
Source-Version: 2.3.5-1.2+squeeze3

We believe that the bug you reported is fixed in the latest version of
rails, which is due to be installed in the Debian FTP archive:

libactionmailer-ruby1.8_2.3.5-1.2+squeeze3_all.deb
  to main/r/rails/libactionmailer-ruby1.8_2.3.5-1.2+squeeze3_all.deb
libactionmailer-ruby_2.3.5-1.2+squeeze3_all.deb
  to main/r/rails/libactionmailer-ruby_2.3.5-1.2+squeeze3_all.deb
libactionpack-ruby1.8_2.3.5-1.2+squeeze3_all.deb
  to main/r/rails/libactionpack-ruby1.8_2.3.5-1.2+squeeze3_all.deb
libactionpack-ruby_2.3.5-1.2+squeeze3_all.deb
  to main/r/rails/libactionpack-ruby_2.3.5-1.2+squeeze3_all.deb
libactiverecord-ruby1.8_2.3.5-1.2+squeeze3_all.deb
  to main/r/rails/libactiverecord-ruby1.8_2.3.5-1.2+squeeze3_all.deb
libactiverecord-ruby1.9.1_2.3.5-1.2+squeeze3_all.deb
  to main/r/rails/libactiverecord-ruby1.9.1_2.3.5-1.2+squeeze3_all.deb
libactiverecord-ruby_2.3.5-1.2+squeeze3_all.deb
  to main/r/rails/libactiverecord-ruby_2.3.5-1.2+squeeze3_all.deb
libactiveresource-ruby1.8_2.3.5-1.2+squeeze3_all.deb
  to main/r/rails/libactiveresource-ruby1.8_2.3.5-1.2+squeeze3_all.deb
libactiveresource-ruby_2.3.5-1.2+squeeze3_all.deb
  to main/r/rails/libactiveresource-ruby_2.3.5-1.2+squeeze3_all.deb
libactivesupport-ruby1.8_2.3.5-1.2+squeeze3_all.deb
  to main/r/rails/libactivesupport-ruby1.8_2.3.5-1.2+squeeze3_all.deb
libactivesupport-ruby1.9.1_2.3.5-1.2+squeeze3_all.deb
  to main/r/rails/libactivesupport-ruby1.9.1_2.3.5-1.2+squeeze3_all.deb
libactivesupport-ruby_2.3.5-1.2+squeeze3_all.deb
  to main/r/rails/libactivesupport-ruby_2.3.5-1.2+squeeze3_all.deb
rails-doc_2.3.5-1.2+squeeze3_all.deb
  to main/r/rails/rails-doc_2.3.5-1.2+squeeze3_all.deb
rails-ruby1.8_2.3.5-1.2+squeeze3_all.deb
  to main/r/rails/rails-ruby1.8_2.3.5-1.2+squeeze3_all.deb
rails_2.3.5-1.2+squeeze3.debian.tar.gz
  to main/r/rails/rails_2.3.5-1.2+squeeze3.debian.tar.gz
rails_2.3.5-1.2+squeeze3.dsc
  to main/r/rails/rails_2.3.5-1.2+squeeze3.dsc
rails_2.3.5-1.2+squeeze3_all.deb
  to main/r/rails/rails_2.3.5-1.2+squeeze3_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 668607@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ondřej Surý <ondrej@debian.org> (supplier of updated rails package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 13 Apr 2012 15:45:20 +0200
Source: rails
Binary: rails rails-ruby1.8 rails-doc libactiverecord-ruby libactiverecord-ruby1.8 libactiverecord-ruby1.9.1 libactivesupport-ruby libactivesupport-ruby1.8 libactivesupport-ruby1.9.1 libactionpack-ruby libactionpack-ruby1.8 libactionmailer-ruby libactionmailer-ruby1.8 libactiveresource-ruby libactiveresource-ruby1.8
Architecture: source all
Version: 2.3.5-1.2+squeeze3
Distribution: stable-security
Urgency: low
Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>
Changed-By: Ondřej Surý <ondrej@debian.org>
Description: 
 libactionmailer-ruby - Framework for generation of customized email messages
 libactionmailer-ruby1.8 - Framework for generation of customized email messages
 libactionpack-ruby - Controller and View framework used by Rails
 libactionpack-ruby1.8 - Controller and View framework used by Rails
 libactiverecord-ruby - ORM database interface for ruby
 libactiverecord-ruby1.8 - ORM database interface for ruby
 libactiverecord-ruby1.9.1 - ORM database interface for ruby
 libactiveresource-ruby - Connects objects and REST web services
 libactiveresource-ruby1.8 - Connects objects and REST web services
 libactivesupport-ruby - utility classes and extensions (Ruby 1.8)
 libactivesupport-ruby1.8 - utility classes and extensions (Ruby 1.8)
 libactivesupport-ruby1.9.1 - utility classes and extensions (Ruby 1.8)
 rails      - MVC ruby based framework geared for web application development
 rails-doc  - Documentation for rails, a MVC ruby based framework
 rails-ruby1.8 - MVC ruby based framework geared for web application development
Closes: 668607
Changes: 
 rails (2.3.5-1.2+squeeze3) stable-security; urgency=low
 .
   * Fix vulnerability for users that generate their own options tags for
     use with the select helper in Ruby On Rails [CVE-2012-1099]
     (Closes: #668607)
Checksums-Sha1: 
 641ff494775ddc9a2cffef58b1d64285dba38435 2082 rails_2.3.5-1.2+squeeze3.dsc
 f9ff7a3c8e7779be0b38d7ffac4530ed4fb3f593 24820 rails_2.3.5-1.2+squeeze3.debian.tar.gz
 62b09e1607b54b9e81083936900d168254beeb30 12124 rails_2.3.5-1.2+squeeze3_all.deb
 c58a5114b13eaf550caa01eb2807b143c1dcdea3 221556 rails-ruby1.8_2.3.5-1.2+squeeze3_all.deb
 8b311eb39a5665e163d5605acd2fa59540383954 899352 rails-doc_2.3.5-1.2+squeeze3_all.deb
 c0be3b1bb6a353178a767da982887947f364a674 9564 libactiverecord-ruby_2.3.5-1.2+squeeze3_all.deb
 c406a3fe33ea67e4ba614cec91363d11f2ab37f9 265136 libactiverecord-ruby1.8_2.3.5-1.2+squeeze3_all.deb
 23da0084093c1afebc0c55d13ab4776f724ed157 265146 libactiverecord-ruby1.9.1_2.3.5-1.2+squeeze3_all.deb
 636c21a459d11d13de7f9f57952a3737c7ee125a 9508 libactivesupport-ruby_2.3.5-1.2+squeeze3_all.deb
 52366c958aa0a35b8bb611988cf3dde1151c36a0 253914 libactivesupport-ruby1.8_2.3.5-1.2+squeeze3_all.deb
 725e5282380899a1773ce7abaf65590e1ea554ae 253890 libactivesupport-ruby1.9.1_2.3.5-1.2+squeeze3_all.deb
 b7f59fc634281261e89717151073a85762f00b40 9652 libactionpack-ruby_2.3.5-1.2+squeeze3_all.deb
 9b3d80da2580843e2e2272e322f332e20eaec275 321838 libactionpack-ruby1.8_2.3.5-1.2+squeeze3_all.deb
 ce76b34d6e82029e97cf80f05b2bbc3bbbf6a3f9 9600 libactionmailer-ruby_2.3.5-1.2+squeeze3_all.deb
 0b91311b0e0655ec0e72e2e241ceff11401ba3cd 31910 libactionmailer-ruby1.8_2.3.5-1.2+squeeze3_all.deb
 8524a2e7f17cafddef69bf7eeae96a554dde75bc 9622 libactiveresource-ruby_2.3.5-1.2+squeeze3_all.deb
 b8360782113fe6d07a7f03beee27e639da5f2a40 37032 libactiveresource-ruby1.8_2.3.5-1.2+squeeze3_all.deb
Checksums-Sha256: 
 de345fdb187171507bf87850133aee9498a10dd14c1fa604f05b263e8a882024 2082 rails_2.3.5-1.2+squeeze3.dsc
 db4c4288a9dd16500f21ece8f7a20f54f03b46bc0934afcf904be52a93db81c9 24820 rails_2.3.5-1.2+squeeze3.debian.tar.gz
 0d1ae7001cc5c56267ecd7085c6c14609716e3562e37df8c5b4f58b0f74ad237 12124 rails_2.3.5-1.2+squeeze3_all.deb
 13b3dc445213e47219ac7864e8f5533b7bb3e0d512f0e317673d107649501adc 221556 rails-ruby1.8_2.3.5-1.2+squeeze3_all.deb
 0a720857e4431ef58e3ae8330e6746ebd748586650da64883af89562c85efcb0 899352 rails-doc_2.3.5-1.2+squeeze3_all.deb
 63499dce9813fba5e8e2ca4bcf191e20ff00da3a9862e7de16d5bc2dd0a467b6 9564 libactiverecord-ruby_2.3.5-1.2+squeeze3_all.deb
 970eb68d8d70ebc2a1db447a64122f4b39e2b0475bfbc64f43ce4144a2e2173e 265136 libactiverecord-ruby1.8_2.3.5-1.2+squeeze3_all.deb
 5af46ffb4e8036261ffe722314aed9711a07e6103a17344fbd3a907b0a7c62a7 265146 libactiverecord-ruby1.9.1_2.3.5-1.2+squeeze3_all.deb
 879500d35951e4b9048b7ba752fc42e380b4860ba8264316bf3a9fb25ffa9907 9508 libactivesupport-ruby_2.3.5-1.2+squeeze3_all.deb
 bdb694202db6e26b19fa93e6906ebfc91a0f548267800fc1cd23271ab5c1297c 253914 libactivesupport-ruby1.8_2.3.5-1.2+squeeze3_all.deb
 5c072e1376ee8bd1d1ffba8c6ddc05325b567d0e85fbed61b74cff03cf456589 253890 libactivesupport-ruby1.9.1_2.3.5-1.2+squeeze3_all.deb
 ce1d06503777abb22a47480e1e287e476032ce362634c701e3c25c77239a529b 9652 libactionpack-ruby_2.3.5-1.2+squeeze3_all.deb
 35101579310396835db509392723d55be0443e7669e9df348363623fbb1d57bc 321838 libactionpack-ruby1.8_2.3.5-1.2+squeeze3_all.deb
 24796cbd9349335eb3bf3364f847013b4ae5479e25547bfc47f91a7f6cfe368f 9600 libactionmailer-ruby_2.3.5-1.2+squeeze3_all.deb
 5a68f8ef80004b6af8786f4377e803e1a8b7bd5af6afb3fdd841439974db6a9c 31910 libactionmailer-ruby1.8_2.3.5-1.2+squeeze3_all.deb
 2bfe2b1100fc34eb495782117d943abc8960d26af29c44f19c22916bb7b814cb 9622 libactiveresource-ruby_2.3.5-1.2+squeeze3_all.deb
 f09fb8d40878405fa07cc09487f346aea012d39bbbb77396ba9fb174237c60ce 37032 libactiveresource-ruby1.8_2.3.5-1.2+squeeze3_all.deb
Files: 
 c78e0b33a0d0b22801ac50dd9395f824 2082 ruby optional rails_2.3.5-1.2+squeeze3.dsc
 40998a924e873f1d56bbec15ae1b03a6 24820 ruby optional rails_2.3.5-1.2+squeeze3.debian.tar.gz
 2c29d5741679b83245a536859f09b879 12124 ruby optional rails_2.3.5-1.2+squeeze3_all.deb
 dc6d340f53ca0c8c4f94b6ac5c1abb02 221556 ruby optional rails-ruby1.8_2.3.5-1.2+squeeze3_all.deb
 fb454f56221d0937819eb5db2bc397ff 899352 doc optional rails-doc_2.3.5-1.2+squeeze3_all.deb
 86b0838f1a9d276962cb7a7d2178e698 9564 ruby optional libactiverecord-ruby_2.3.5-1.2+squeeze3_all.deb
 2a4ce5aada9747f10ac8c3cf1a220575 265136 ruby optional libactiverecord-ruby1.8_2.3.5-1.2+squeeze3_all.deb
 d1ed08541ec5e6cf895a1aa3e60e5fb5 265146 ruby optional libactiverecord-ruby1.9.1_2.3.5-1.2+squeeze3_all.deb
 64276c0d5cd3fd04011c46da6d972063 9508 ruby optional libactivesupport-ruby_2.3.5-1.2+squeeze3_all.deb
 6cac07c3e69a655af79a64c44908fec8 253914 ruby optional libactivesupport-ruby1.8_2.3.5-1.2+squeeze3_all.deb
 27bdcef7385df67dee8b98996261962b 253890 ruby optional libactivesupport-ruby1.9.1_2.3.5-1.2+squeeze3_all.deb
 48a66428ac0f6100c79076d705d8367a 9652 ruby optional libactionpack-ruby_2.3.5-1.2+squeeze3_all.deb
 0c87f70ddbe44a5f7edf28b5512c26d2 321838 ruby optional libactionpack-ruby1.8_2.3.5-1.2+squeeze3_all.deb
 b0abdd874c5f5b29c0b8be0a671c42dd 9600 ruby optional libactionmailer-ruby_2.3.5-1.2+squeeze3_all.deb
 44c7e7811c9695905a20603e4f98fa2d 31910 ruby optional libactionmailer-ruby1.8_2.3.5-1.2+squeeze3_all.deb
 eb729ac86aaa0f94c605275bdb38c19e 9622 ruby optional libactiveresource-ruby_2.3.5-1.2+squeeze3_all.deb
 13900476cb517f4d42499064a1db9980 37032 ruby optional libactiveresource-ruby1.8_2.3.5-1.2+squeeze3_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJPq/tlAAoJEOxfUAG2iX571mcH/iMj6Xin5dYtZ5zaLxBlfihQ
Eswl+0od11Fx4ZJacPOOsSDkY83ZOLUp8MD7RfMPbYSxNflnVyhr5t5GWr9azXr7
ak19MM26A+6HnrI80zg4i1l7RdttRafx2fjSRVXMk/0F09FC1uXb4jxDedFOKOqe
QiRq/BKOmRUdKLNDJV5fBFTfzsxFwMIHdlV7jAq5EuofPCWfSJBlxbEMyt/WztLN
WEy5wXKnwfCvBnUMML9ckt05YYHV46+lnLAviKsxSCurlUukpUGKUsGIip3xWNEj
dwoIdjQOEjouShkrdSZPqPyKDJMiZjN7izz5+2bSuErTQdszC2kz7ZMJfs1rrEo=
=tgPc
-----END PGP SIGNATURE-----

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 30 Sep 2012 07:25:56 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:47:46 2019; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started