Accepted rails 2:4.2.7.1-1+deb9u3 (source) into oldstable

To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
Subject: Accepted rails 2:4.2.7.1-1+deb9u3 (source) into oldstable
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Mon, 20 Jul 2020 13:00:16 +0000
Message-id: <[🔎] E1jxVOy-0004F7-ON@seger.debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 29 Jun 2020 09:55:00 +0200
Source: rails
Binary: ruby-activesupport ruby-activerecord ruby-activemodel ruby-activejob ruby-actionview ruby-actionpack ruby-actionmailer ruby-railties ruby-rails rails
Architecture: source
Version: 2:4.2.7.1-1+deb9u3
Distribution: stretch-security
Urgency: high
Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>
Changed-By: Sylvain Beucler <beuc@debian.org>
Description:
 rails      - MVC ruby based framework geared for web application development (
 ruby-actionmailer - email composition, delivery, and receiving framework (part of Rai
 ruby-actionpack - web-flow and rendering framework putting the VC in MVC (part of R
 ruby-actionview - framework for handling view template lookup and rendering (part o
 ruby-activejob - job framework with pluggable queues
 ruby-activemodel - toolkit for building modeling frameworks (part of Rails)
 ruby-activerecord - object-relational mapper framework (part of Rails)
 ruby-activesupport - Support and utility classes used by the Rails 4.1 framework
 ruby-rails - MVC ruby based framework geared for web application development
 ruby-railties - tools for creating, working with, and running Rails applications
Changes:
 rails (2:4.2.7.1-1+deb9u3) stretch-security; urgency=high
 .
   * Non-maintainer upload by the LTS Security Team.
   * CVE-2020-8164: possible Strong Parameters Bypass in ActionPack
   * CVE-2020-8165: potentially unintended unmarshalling of user-provided
     objects in MemCacheStore
   * CVE-2020-8163: potential remote code execution of user-provided
     local names
Checksums-Sha1:
 690e46ebb3f0b843b47b4655bf4cfdd6a5d3f937 3174 rails_4.2.7.1-1+deb9u3.dsc
 d8389a376f2b03547b1ce8f8df26f69f85e65d42 4181681 rails_4.2.7.1.orig.tar.gz
 fa218fadc64e42c3e3e7191c50c97e3f02cc0b3c 96412 rails_4.2.7.1-1+deb9u3.debian.tar.xz
 a18b1d2aa9cdadf6025ee9f37429971efd6d2dbf 10984 rails_4.2.7.1-1+deb9u3_amd64.buildinfo
Checksums-Sha256:
 d61f013cc1f01ab7227c4060ada38f5c0f6b81b62b5a159ba3b8c8f95d07e48d 3174 rails_4.2.7.1-1+deb9u3.dsc
 bfa7854f1b35e449b78db2af83fe660f17b101a487728fcfc6fb623967fb4783 4181681 rails_4.2.7.1.orig.tar.gz
 af5189c787b6127f8822d6ce4d09e0b15b39ce42b1d2617b3fd7ba6475358e0f 96412 rails_4.2.7.1-1+deb9u3.debian.tar.xz
 ef8881106cf7862f8df15684dc8b8423f7b496aa09126eb51a5cf6e14599f61c 10984 rails_4.2.7.1-1+deb9u3_amd64.buildinfo
Files:
 b38437a852d8b4c338ac0c7432f7cd78 3174 ruby optional rails_4.2.7.1-1+deb9u3.dsc
 d6755586a995283c91f15d857ef74387 4181681 ruby optional rails_4.2.7.1.orig.tar.gz
 f96aaabb1ad1821c6112269bf49fdf19 96412 ruby optional rails_4.2.7.1-1+deb9u3.debian.tar.xz
 46382fecbe1dfdb19dcb0e7f8657cd83 10984 ruby optional rails_4.2.7.1-1+deb9u3_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEQic8GuN/xDR88HkSj/HLbo2JBZ8FAl8VkQsACgkQj/HLbo2J
BZ8/owf+NYbKiWnwP8Lz12efl8iwEVfi5a9VNYlBgsoRECCEoqwjH48Z3D2vDeFt
Acbf2smTqmnava5eauZpUZxJ9OYAw2lThNAT4L+m1lcaa85Kqo4TUw7wn3YBv6ki
e1h77BohMIKJoKeQObDOSwRdkLvE1bPupZnb6k06OHa/oD9Hd9FnDjvfB47lwhtc
yP42cT4XUk4SExsMsP1lIbDMDSp7mKfVn8fKvMOGysxD1mJDV5CoamN72RcCO6M6
fOsGLn35cC7A5L9tg+2/k5w2qYVjlKN/opterWjSU/96hzG06U7XfxYd9GR7Fp4/
NU3/CT9CXjWwsmBbxqg5q/j24heymQ==
=o4y4
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: Accepted nginx 1.10.3-1+deb9u5 (source) into oldstable
Next by Date: Accepted ksh 93u+20120801-3.1+deb9u1 (source i386) into oldstable
Previous by thread: Accepted nginx 1.10.3-1+deb9u5 (source) into oldstable
Next by thread: Accepted ksh 93u+20120801-3.1+deb9u1 (source i386) into oldstable
Index(es):
- Date
- Thread