[DRE-commits] [rails-3.2] 01/01: note CVE's closed; release to unstable

Antonio Terceiro terceiro at moszumanska.debian.org
Wed Feb 26 01:45:46 UTC 2014


This is an automated email from the git hooks/post-receive script.

terceiro pushed a commit to branch master
in repository rails-3.2.

commit b49d6eca7e5842be8e165decd9a402acc393fcac
Author: Antonio Terceiro <terceiro at debian.org>
Date:   Tue Feb 25 22:37:54 2014 -0300

    note CVE's closed; release to unstable
---
 debian/changelog | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 68e2037..72b64f3 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,10 @@
-rails-3.2 (3.2.17-1) UNRELEASED; urgency=medium
+rails-3.2 (3.2.17-1) unstable; urgency=medium
 
-  * New upstream release
+  * New upstream release. Includes fixes for the following security issues:
+    - XSS Vulnerability in number_to_currency, number_to_percentage and
+      number_to_human [CVE-2014-0081]
+    - Denial of Service Vulnerability in Action View when using render :text
+      [CVE-2014-0082]
   * make ruby-activesupport-3.2 depend on ruby-test-unit since the patch
     changing test-unit to minitest was dropped (Closes: #733423, #738747)
   * ruby-rails-3.2: add ruby-uglifier to Recommends:
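
Review bot: the header line keeps `urgency=medium` even though the entry now documents two security fixes (CVE-2014-0081 and CVE-2014-0082); since urgency controls how quickly an upload to unstable migrates to testing, consider `urgency=high` here so the fixed version reaches testing users sooner. The two CVE items also carry no `Closes:` reference, unlike the test-unit item below them. If Debian bug reports exist for these CVEs, add their numbers so the upload closes them and the BTS shows which version fixed them. Finally, the diffstat shows this hunk is the only change, so the entry's trailer line was not touched when the distribution went from UNRELEASED to unstable; confirm its timestamp reflects the actual release.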

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-ruby-extras/rails-3.2.git


