1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 5881-1] rails security update

    From Moritz Muehlenhoff@21:1/5 to All on Mon Mar 17 20:50:02 2025
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-5881-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff
    March 17, 2025 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : rails
    CVE ID : CVE-2023-28362 CVE-2023-38037 CVE-2024-26144 CVE-2024-28103
    CVE-2024-41128 CVE-2024-47887 CVE-2024-47888 CVE-2024-47889
    CVE-2024-54133

    Multiple security issues were discovered in the Rails web framework
    which could result cross-site scripting, information disclosure, denial
    of service or bypass of content security policies.

    For the stable distribution (bookworm), these problems have been fixed in version 2:6.1.7.10+dfsg-1~deb12u1.

    We recommend that you upgrade your rails packages.

    For the detailed security status of rails please refer to
    its security tracker page at:
    https://security-tracker.debian.org/tracker/rails

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmfYenoACgkQEMKTtsN8 Tja2Yw/+Kggx8/SSWgz9K+/G+JSqCG76Esj/NsWKhRRce9q7V/gsfarx9GUd2XV0 9M3IPyXR38ZOgd3Pb0oh+Z3LL+yJgy1nhp3h/a2/LzC08YQlRLrsoQjOcc2xvor2 aeOPou8lnFQ2G7XBahCqDrDfkzuw9KkfRjxA1XtROHlSNQk2RoTqD3PkiGyezIsC 1pq7YkQmCwNxYwNWytiMbgSjNaq3wBGhV1cvvLZKRbyOnyw3j8KwgcNejG/ryeAn Gw9k+3xcz1iBI9soD+oGMVPzLphqIEFDfWCAawUp4aFQ7OW+weCdZSPH/NMrnc+w D7uyy+LbDs4FLurbJXsrW7xN47Vq3mWu/2TgL1XDIdyMP9zELpSD+sZltmC3Lv9K xxWBUmIrM6chFRr8gInkqCkBDeZgE9/oPAY/2TlvI/2QUBfUQtubLMtPIn0knB0r 9kUWlDcP1ZfV131qhz7NC0NCD7CQ+hAQzb+ykQl3kv6IyCKTgcbDVFA2ycJqPACK IzOTmyIkcYe5qXevbz4Rw2RjnpgK+U3i0Dr7MyGcEuVjvrFTqQYi0IVsa/Ct/qvf X5xRG25QsZRRHh2V+bEVDCRux0lgLVKKHQjlgQUaPf6eM1cerLcrOCYoQMWWwE74 8K620ZmNXzKCxa3QPkA3BltR2RfrOGB7nYHUii8kmr8TtasJ6gw=
    =AvN2
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)