Change log for ruby-actionpack-3.2 package in Debian

1-18 of 18 results
Published in wheezy-release
ruby-actionpack-3.2 (3.2.6-6+deb7u2) wheezy-security; urgency=medium


  * [CVE-2014-0081] XSS Vulnerability in number_to_currency,
    number_to_percentage and number_to_human
  * [CVE-2014-0082] Denial of Service Vulnerability in Action View when using
    render :text
  * [CVE-2014-0130] Directory Traversal Vulnerability With Certain Route
    Configurations (Closes: #747641)

 -- Antonio Terceiro <email address hidden>  Sat, 10 May 2014 14:33:15 -0300
Superseded in wheezy-release
ruby-actionpack-3.2 (3.2.6-6+deb7u1) wheezy-security; urgency=low


  * [CVE-2013-6417] Incomplete fix to CVE-2013-0155 (Unsafe Query Generation Risk)
  * [CVE-2013-4491] Reflective XSS Vulnerability in Ruby on Rails
  * [CVE-2013-6414] Denial of Service Vulnerability in Action View
  * [CVE-2013-6415] XSS Vulnerability in number_to_currency
  * [CVE-2013-4389] Fix Possible DoS Vulnerability in Action Mailer

 -- Ondřej Surý <email address hidden>  Wed, 04 Dec 2013 11:39:44 +0100
Deleted in jessie-release (Reason: None provided.)
Deleted in sid-release (Reason: None provided.)
ruby-actionpack-3.2 (3.2.16-3) unstable; urgency=medium


  * Fix invalid gemspec data in patch (again)
    debian/patches/0001-loosen_sprockets_dependency.patch: the problem was
    that when 2.2.1 is replaced by 2.2, the YAML parser thinks that 2.2 is a
    floating point number, but version numbers are supposed to be strings!  So
    the fix is to put quotes around the 2.2 ('2.2'), forcing it to be parsed
    as a string.
    Closes: #732805
  * debian/patches/0004-allow_newer_versions.patch: refresh

 -- Antonio Terceiro <email address hidden>  Wed, 18 Dec 2013 18:01:29 -0300

Superseded in jessie-release
Superseded in sid-release
ruby-actionpack-3.2 (3.2.16-2) unstable; urgency=high


  * Allow to depend on ruby-rack (<< 1.4) to make backports easier

 -- Ondřej Surý <email address hidden>  Fri, 06 Dec 2013 10:55:12 +0100

Superseded in sid-release
ruby-actionpack-3.2 (3.2.16-1) unstable; urgency=high


  * New upstream version 3.2.16
  * Update debian/control to rails release 3.2.16

 -- Ondřej Surý <email address hidden>  Wed, 04 Dec 2013 17:40:28 +0100

Superseded in sid-release
ruby-actionpack-3.2 (3.2.13-9) unstable; urgency=low


  * Tighten rack dependency to 1.4 only. (Closes: #711236)

 -- Christian Hofstaedtler <email address hidden>  Mon, 02 Dec 2013 23:17:48 +0100
Superseded in sid-release
ruby-actionpack-3.2 (3.2.13-7) unstable; urgency=low


  [ Christian Hofstaedtler ]
  * Bump journey, sprockets dependency to match gem metadata
  * Allow newer versions of various dependencies
  * Fix format of debian-copyright (missing-license-paragraph-in-dep5-copyright)

 -- Antonio Terceiro <email address hidden>  Mon, 03 Jun 2013 22:06:15 -0300

Superseded in sid-release
ruby-actionpack-3.2 (3.2.13-6) unstable; urgency=low


  * Bump Standards-Version to 3.9.4; no changes needed.
  * update debian/control.in to reflect changes in debian/control
  * Fix invalid gemspec data in patch
    debian/patches/0001-loosen_sprockets_dependency.patch: the problem was
    that when 2.2.1 is replaced by 2.2, the YAML parser thinks that 2.2 is a
    floating point number, but version numbers are supposed to be strings!  So
    the fix is to put quotes around the 2.2 ('2.2'), forcing it to be parsed
    as a string. (Closes: #710819)

 -- Antonio Terceiro <email address hidden>  Sun, 02 Jun 2013 17:14:18 -0300

Superseded in sid-release
ruby-actionpack-3.2 (3.2.13-5) unstable; urgency=low


  * Upload to unstable.

 -- Ondřej Surý <email address hidden>  Thu, 23 May 2013 11:10:30 +0200

Deleted in experimental-release (Reason: None provided.)
ruby-actionpack-3.2 (3.2.13-4) experimental; urgency=low


  * Remove all unneeded ruby/rails build dependencies, and drop
    ${shlib:Depends}.

 -- Ondřej Surý <email address hidden>  Fri, 22 Mar 2013 14:28:35 +0100
Superseded in jessie-release
Superseded in wheezy-release
Superseded in sid-release
ruby-actionpack-3.2 (3.2.6-6) unstable; urgency=high


  * [CVE-2013-1855]: Fix XSS vulnerability in sanitize_css in Action Pack
  * [CVE-2013-1857]: Fix XSS Vulnerability in the sanitize helper of Ruby on Rails

 -- Ondřej Surý <email address hidden>  Tue, 19 Mar 2013 09:45:34 +0100

Superseded in wheezy-release
Superseded in sid-release
ruby-actionpack-3.2 (3.2.6-5) unstable; urgency=high


  * debian/patches/CVE-2013-0155.patch: fix Unsafe Query Generation Risk
    [CVE-2013-0155] (Closes: #697802)

 -- Antonio Terceiro <email address hidden>  Wed, 09 Jan 2013 18:25:45 -0300

Superseded in wheezy-release
Superseded in sid-release
ruby-actionpack-3.2 (3.2.6-4) unstable; urgency=high


  * Add patches for security problems (Closes: #684454):
    + CVE-2012-3463 - Ruby on Rails Potential XSS Vulnerability in select_tag
      prompt
    + CVE-2012-3465 - XSS Vulnerability in strip_tags
    + Both patches were edited from their original versions in two ways:
      - the leading a/ and b/ from the filenames were stripped
      - changes over test files were removed, since the Debian package
        contains no test files.

 -- Antonio Terceiro <email address hidden>  Fri, 10 Aug 2012 13:08:08 -0300

Superseded in wheezy-release
Superseded in sid-release
ruby-actionpack-3.2 (3.2.6-3) unstable; urgency=high


  * Add patch by Aaron Patterson for CVE-2012-3424 (Closes: #683370)

 -- Antonio Terceiro <email address hidden>  Sat, 04 Aug 2012 09:28:12 -0300

Superseded in wheezy-release
Superseded in sid-release
ruby-actionpack-3.2 (3.2.6-2) unstable; urgency=low


  * Bump build dependency to gem2deb >= 0.3.0~

 -- Antonio Terceiro <email address hidden>  Sun, 24 Jun 2012 19:06:43 -0300

Superseded in sid-release
ruby-actionpack-3.2 (3.2.6-1) unstable; urgency=low


  * New upstream release.
  * debian/control:
    + review short description
    + add myself to Uploaders:

 -- Antonio Terceiro <email address hidden>  Sat, 16 Jun 2012 21:15:28 -0300

Superseded in sid-release
ruby-actionpack-3.2 (3.2.3-2) unstable; urgency=low


  * Add Conflict with ruby-actionpack-2.3 (Closes: #673737)
  * B-D ruby-activerecord-3.2 and ruby-activesupport-3.2 are already
    in unstable (Closes: #671986)

 -- Ondřej Surý <email address hidden>  Wed, 23 May 2012 13:03:07 +0200
Superseded in sid-release
ruby-actionpack-3.2 (3.2.3-1) unstable; urgency=low


  * Initial release

 -- Ondřej Surý <email address hidden>  Wed, 25 Apr 2012 09:14:01 +0000