[DRE-commits] [rails] 02/02: New upstream release

Antonio Terceiro terceiro at moszumanska.debian.org
Thu Jan 28 13:05:22 UTC 2016


This is an automated email from the git hooks/post-receive script.

terceiro pushed a commit to branch master
in repository rails.

commit 06a8a5485abbe1f127e2cd095969110d1689e4a8
Author: Antonio Terceiro <terceiro at debian.org>
Date:   Thu Jan 28 10:58:58 2016 -0200

    New upstream release
---
 debian/changelog | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 25c6ca8..13cf974 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,19 @@
+rails (2:4.2.5.1-1) unstable; urgency=high
+
+  * New upstream release. Includes fixes for the following several security
+    issues:
+    - [CVE-2015-7576] Timing attack vulnerability in basic authentication in
+                      Action Controller.
+    - [CVE-2016-0751] Possible Object Leak and Denial of Service attack in
+                      Action Pack
+    - [CVE-2015-7577] Nested attributes rejection proc bypass in Active Record.
+    - [CVE-2016-0752] Possible Information Leak Vulnerability in Action View
+    - [CVE-2016-0753] Possible Input Validation Circumvention in Active Model
+    - [CVE-2015-7581] Object leak vulnerability for wildcard controller routes
+                      in Action Pack
+
+ -- Antonio Terceiro <terceiro at debian.org>  Thu, 28 Jan 2016 10:56:35 -0200
+
 rails (2:4.2.5-1) unstable; urgency=medium
 
   * New upstream release

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-ruby-extras/rails.git



More information about the Pkg-ruby-extras-commits mailing list