rails: CVE-2014-7818 CVE-2014-7829


Debian Bug report logs - #770934


Reported by: Moritz Muehlenhoff <jmm@inutil.org>

Date: Tue, 25 Nov 2014 10:42:02 UTC

Severity: important

Tags: security

Fixed in version rails/2:4.1.8-1

Done: Antonio Terceiro <terceiro@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>:
Bug#770934; Package rails. (Tue, 25 Nov 2014 10:42:07 GMT)


Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>. (Tue, 25 Nov 2014 10:42:08 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: rails: CVE-2014-7818 CVE-2014-7829
Date: Tue, 25 Nov 2014 11:36:13 +0100
Package: rails
Severity: important
Tags: security

Hi,
please see http://seclists.org/oss-sec/2014/q4/648 and
http://www.openwall.com/lists/oss-security/2014/10/30/5
for details.

Cheers,
        Moritz



Reply sent to Antonio Terceiro <terceiro@debian.org>:
You have taken responsibility. (Wed, 03 Dec 2014 16:03:18 GMT)


Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. (Wed, 03 Dec 2014 16:03:18 GMT)


Message #10 received at 770934-close@bugs.debian.org:

From: Antonio Terceiro <terceiro@debian.org>
To: 770934-close@bugs.debian.org
Subject: Bug#770934: fixed in rails 2:4.1.8-1
Date: Wed, 03 Dec 2014 16:00:09 +0000
Source: rails
Source-Version: 2:4.1.8-1

We believe that the bug you reported is fixed in the latest version of
rails, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 770934@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Antonio Terceiro <terceiro@debian.org> (supplier of updated rails package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 25 Nov 2014 16:51:50 -0200
Source: rails
Binary: ruby-activesupport ruby-activesupport-2.3 ruby-activerecord ruby-activemodel ruby-actionview ruby-actionpack ruby-actionmailer ruby-railties ruby-rails rails
Architecture: source all
Version: 2:4.1.8-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>
Changed-By: Antonio Terceiro <terceiro@debian.org>
Description:
 rails      - MVC ruby based framework geared for web application development (
 ruby-actionmailer - email composition, delivery, and receiving framework (part of Rai
 ruby-actionpack - web-flow and rendering framework putting the VC in MVC (part of R
 ruby-actionview - framework for handling view template lookup and rendering (part o
 ruby-activemodel - toolkit for building modeling frameworks (part of Rails)
 ruby-activerecord - object-relational mapper framework (part of Rails)
 ruby-activesupport - Support and utility classes used by the Rails 4.1 framework
 ruby-activesupport-2.3 - transitional dummy package
 ruby-rails - MVC ruby based framework geared for web application development
 ruby-railties - tools for creating, working with, and running Rails applications
Closes: 768850 770934
Changes:
 rails (2:4.1.8-1) unstable; urgency=medium
 .
   * New upstream release
     - Includes only bug fixes and no behavior changes. In particular, includes
       fix for [CVE-2014-7818] and [CVE-2014-7829] (Arbitrary file existence
       disclosure in Action Pack) (Closes: #770934)
   * Add new transitional binary package ruby-activesupport-2.3 plus
     appropriate Breaks:/Replaces: fields in all binary packages to ensure
     upgrades from wheezy work (Closes: #768850)
     - Many thanks to Andreas Beckmann for helping debug the upgrade issue.
Checksums-Sha1:
 e7284380df1e5cfff26778319c9bd7bc1413ee39 2543 rails_4.1.8-1.dsc
 b9b860ebcc29bc0e208c1eec50842db9bb92765b 3711426 rails_4.1.8.orig.tar.gz
 31ab8acccc861d93c9c116c6fbff81d04bc3978b 88364 rails_4.1.8-1.debian.tar.xz
 47cf441ed80aca2636a7715e0d850ca54dead12c 206486 ruby-activesupport_4.1.8-1_all.deb
 b34ac0ba573eade8ed52dd55598a9178e07c2ba6 10948 ruby-activesupport-2.3_4.1.8-1_all.deb
 7401d5a85f903a88ffdc4ad98ca8a092901e0942 267976 ruby-activerecord_4.1.8-1_all.deb
 6a7d6813bcbd1f1c6741bef03b069b18a0227550 48214 ruby-activemodel_4.1.8-1_all.deb
 053895f8c77863b7897586b6528d6faefedb06e0 140734 ruby-actionview_4.1.8-1_all.deb
 6ea7a7767504f53afa763fa95a3f515651d6d2ed 169342 ruby-actionpack_4.1.8-1_all.deb
 2aaacca6419b8da9d2cc71560723b3ca4e0cc611 31094 ruby-actionmailer_4.1.8-1_all.deb
 08e53d6e7bfe00200b96b9d681111bbf19e99981 118782 ruby-railties_4.1.8-1_all.deb
 bfd4243c4c210e4eec6e3576b6462582c2933b6c 15998 ruby-rails_4.1.8-1_all.deb
 747c3243da3f45640a36eba797af634d9e170dbe 11234 rails_4.1.8-1_all.deb
Checksums-Sha256:
 eed319ca0572fbc0e74a5f1165f29b2c918c62be1e70c209f5666806dd8e2e2e 2543 rails_4.1.8-1.dsc
 419e7cdd8e7fd2b2d45d3a37fb37f01b70ada51db77ca116f83636711d845814 3711426 rails_4.1.8.orig.tar.gz
 5a02a079f660f6c3bdb53489bbb6b7551e64eaaef86ea1cbdde764e73cd67cc5 88364 rails_4.1.8-1.debian.tar.xz
 b56b43b6d8bfa3ae4f12a648008c87f961d333988c47cd829aee69189a12fe06 206486 ruby-activesupport_4.1.8-1_all.deb
 ce20feab97343e47664a385e747d4cf6f11cec9ed3d081565378985239f89182 10948 ruby-activesupport-2.3_4.1.8-1_all.deb
 308d8acb503d3571d95be0ddedb5a9524e3f8d73a589a6fcd810c158c2cf7a54 267976 ruby-activerecord_4.1.8-1_all.deb
 f835579fcc1247270b8ead34d47cb63ba0702ceafbb2f827dfaca463fdc8b9fd 48214 ruby-activemodel_4.1.8-1_all.deb
 527c36bdd614e1a4e6106ac9967defcad00049db6dfd65d09b2861215a253e79 140734 ruby-actionview_4.1.8-1_all.deb
 efdc6428832a92d2425e77a214328bc1caa12fcbce2559bea209b809e4755ba0 169342 ruby-actionpack_4.1.8-1_all.deb
 cdae6284c0e57f7f7d1d7709599862c3cee7c1acb904ae18723e64f9069a77f1 31094 ruby-actionmailer_4.1.8-1_all.deb
 b7dd6d1f975e594f39ff60e1780b4e38dc9bfc22c4c209c17a9a73c9845ab1e0 118782 ruby-railties_4.1.8-1_all.deb
 49e09b09524e9d6ac4d3d6a008972fb0406678cdb3a47b8371629400bdac848f 15998 ruby-rails_4.1.8-1_all.deb
 304b8af3be7a70fc928878858a15fc28429a79d60c94d5ffd5d7d0f5c4c0f261 11234 rails_4.1.8-1_all.deb
Files:
 8d3361c762f7183b2c57a6e3ecb3b1b8 2543 ruby optional rails_4.1.8-1.dsc
 0b118bca039a4beddbdafa128b7d85e6 3711426 ruby optional rails_4.1.8.orig.tar.gz
 6cd490d34d53e7b49e8393e1459a0780 88364 ruby optional rails_4.1.8-1.debian.tar.xz
 5b259edd2d2208d7199735a688bad3ee 206486 ruby optional ruby-activesupport_4.1.8-1_all.deb
 ef41932b17961fe493ae52f9664d245b 10948 ruby optional ruby-activesupport-2.3_4.1.8-1_all.deb
 d29a56ae1858694cdbf2da8c95d5ead4 267976 ruby optional ruby-activerecord_4.1.8-1_all.deb
 f98d728c5c672de27a782397a2b3b88b 48214 ruby optional ruby-activemodel_4.1.8-1_all.deb
 93ffb476c8faab0527a9d9b017f330cb 140734 ruby optional ruby-actionview_4.1.8-1_all.deb
 3036d5e30324d276503a57afca70c1af 169342 ruby optional ruby-actionpack_4.1.8-1_all.deb
 3d96a0fc2d897ef7d0bfdbb3a232d8f7 31094 ruby optional ruby-actionmailer_4.1.8-1_all.deb
 2521e494b5b3c37034e22b8846f08027 118782 ruby optional ruby-railties_4.1.8-1_all.deb
 1bd48cfb6c572c70e18addfd4194c3aa 15998 ruby optional ruby-rails_4.1.8-1_all.deb
 bb22ad850da8bdb806d02561cf1af745 11234 ruby optional rails_4.1.8-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 06 Jan 2015 07:29:40 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:33:35 2019; Machine Name: buxtehude
