[DRE-commits] [rails] 02/02: New upstream release
Antonio Terceiro
terceiro at moszumanska.debian.org
Thu Jan 28 13:05:22 UTC 2016
This is an automated email from the git hooks/post-receive script.
terceiro pushed a commit to branch master
in repository rails.
commit 06a8a5485abbe1f127e2cd095969110d1689e4a8
Author: Antonio Terceiro <terceiro at debian.org>
Date: Thu Jan 28 10:58:58 2016 -0200
New upstream release
---
debian/changelog | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index 25c6ca8..13cf974 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,19 @@
+rails (2:4.2.5.1-1) unstable; urgency=high
+
+ * New upstream release. Includes fixes for the following several security
+ issues:
+ - [CVE-2015-7576] Timing attack vulnerability in basic authentication in
+ Action Controller.
+ - [CVE-2016-0751] Possible Object Leak and Denial of Service attack in
+ Action Pack
+ - [CVE-2015-7577] Nested attributes rejection proc bypass in Active Record.
+ - [CVE-2016-0752] Possible Information Leak Vulnerability in Action View
+ - [CVE-2016-0753] Possible Input Validation Circumvention in Active Model
+ - [CVE-2015-7581] Object leak vulnerability for wildcard controller routes
+ in Action Pack
+
+ -- Antonio Terceiro <terceiro at debian.org> Thu, 28 Jan 2016 10:56:35 -0200
+
rails (2:4.2.5-1) unstable; urgency=medium
* New upstream release
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-ruby-extras/rails.git
More information about the Pkg-ruby-extras-commits
mailing list