Your message dated Sat, 15 May 2021 11:18:31 +0000
with message-id <e1lhsjt-0007ke...@fasolo.debian.org>
and subject line Bug#988214: fixed in rails 2:6.0.3.7+dfsg-1
has caused the Debian Bug report #988214,
regarding CVE-2021-22885 CVE-2021-22902 CVE-2021-22904
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
988214: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988214
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: rails
Severity: grave
Tags: security
X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>

CVE-2021-22904:
https://github.com/rails/rails/commit/d861fa8ade353390c4419b53a6c6b41f3005b1f2 (v6.0.3.7)

CVE-2021-22902:
Fixed by: https://github.com/rails/rails/commit/446afbd15360a347c923ca775b21a286dcb5297a (v6.0.3.7)

CVE-2021-22885:
https://github.com/rails/rails/commit/f202249bdd701f908a57d733e633d366a982f8ce (v6.0.3.7)

Cheers,
        Moritz  

--- End Message ---
--- Begin Message ---
Source: rails
Source-Version: 2:6.0.3.7+dfsg-1
Done: Utkarsh Gupta <utka...@debian.org>

We believe that the bug you reported is fixed in the latest version of
rails, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 988...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Utkarsh Gupta <utka...@debian.org> (supplier of updated rails package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 15 May 2021 16:05:45 +0530
Source: rails
Architecture: source
Version: 2:6.0.3.7+dfsg-1
Distribution: unstable
Urgency: high
Maintainer: Debian Ruby Team <pkg-ruby-extras-maintain...@lists.alioth.debian.org>
Changed-By: Utkarsh Gupta <utka...@debian.org>
Closes: 988214
Changes:
 rails (2:6.0.3.7+dfsg-1) unstable; urgency=high
 .
   * Upload to unstable directly.
   * New upstream version 6.0.3.7+dfsg. (Closes: #988214)
     - Prevent slow regex when parsing host authorization header.
       (Fixed: CVE-2021-22904)
     - Prevent catastrophic backtracking during mime parsing.
       (Fixes: CVE-2021-22902)
     - Prevent string polymorphic route arguments.
       (Fixes: CVE-2021-22885)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
