-
rails (2:4.1.8-1+deb8u1build0.15.04.1) vivid-security; urgency=medium
* fake sync from Debian
rails (2:4.1.8-1+deb8u1) jessie-security; urgency=high
* Security updates:
- [CVE-2015-3227] Possible Denial of Service attack in Active Support
(Closes: #790487)
- [CVE-2015-3226] XSS Vulnerability in ActiveSupport::JSON.encode
(Closes: #790486)
- [CVE-2015-7576] Timing attack vulnerability in basic authentication in
Action Controller.
- [CVE-2016-0751] Possible Object Leak and Denial of Service attack in
Action Pack
- [CVE-2015-7577] Nested attributes rejection proc bypass in Active Record.
- [CVE-2016-0752] Possible Information Leak Vulnerability in Action View
- [CVE-2016-0753] Possible Input Validation Circumvention in Active Model
- [CVE-2015-7581] Object leak vulnerability for wildcard controller routes
in Action Pack
-- Tyler Hicks <email address hidden> Mon, 01 Feb 2016 11:04:46 -0600
-
rails (2:4.1.8-1) unstable; urgency=medium
* New upstream release
- Includes only bug fixes and no behavior changes. In special, includes
fix for [CVE-2014-7818] and [CVE-2014-7829] (Arbitrary file existence
disclosure in Action Pack) (Closes: #770934)
* Add new transitional binary package ruby-activesupport-2.3 plus
appropriate Breaks:/Replaces: fieds in all binary packages to ensure
upgrades from wheezy work (Closes: #768850)
- Many thanks to Andreas Beckmann for helping debug the upgrade issue.
-- Antonio Terceiro <email address hidden> Tue, 25 Nov 2014 16:51:50 -0200
-
rails (2:4.1.6-2) unstable; urgency=medium
* fix upgrades from wheezy:
- Remove Breaks: against old packages provided by previous versions of
Rails The Replaces: fields, left untouched, outght to be enough.
- ruby-actionview: Replaces ruby-actionpack-{2.3,3.2} since
ruby-actionview contains files that used to be in ruby-actionpack-*
- ruby-railties: Breaks/Replaces rails (<< 2:4) since ruby-railties
contains /usr/bin/rails which used to be in rails.
* debian/copyright: minor updates
-- Antonio Terceiro <email address hidden> Tue, 30 Sep 2014 18:33:36 -0300
-
rails (2:4.1.4-5) unstable; urgency=medium
* ruby-actionmailer: relax dependency on ruby-mail to work with the 2.6.x
series
-- Antonio Terceiro <email address hidden> Mon, 04 Aug 2014 14:38:18 -0300
-
rails (2:3.2.13+1) unstable; urgency=low
[ Cédric Boutillier ]
* debian/control: remove obsolete DM-Upload-Allowed flag
* Use canonical URI in Vcs-* fields
[ Ondřej Surý ]
* Upload Rail 3.2 as default version to unstable.
* Add ruby-activemodel and ruby-railties dummy packages
-- Ondřej Surý <email address hidden> Mon, 27 May 2013 14:37:22 +0200
