-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3464-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff January 31, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : rails CVE ID : CVE-2015-3226 CVE-2015-3227 CVE-2015-7576 CVE-2015-7577 CVE-2015-7581 CVE-2016-0751 CVE-2016-0752 CVE-2016-0753 Multiple security issues have been discovered in the Rails on Rails web application development framework, which may result in denial of service, cross-site scripting, information disclosure or bypass of input validation. For the stable distribution (jessie), these problems have been fixed in version 2:4.1.8-1+deb8u1. For the unstable distribution (sid), these problems have been fixed in version 2:4.2.5.1-1. We recommend that you upgrade your rails packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJWrlW7AAoJEBDCk7bDfE429bsQAJbxqXoQMEjnr8jd1I6zfWlF 0rn734+1IKDIPmtRa7bXVqm/WGIRc6hzLq2xfeWsFD7eH2yxNAEEFELGye8SaAMW Z6rdXudmXDsRv/H7uKcWPftqL2rJZO4/CJRbOW5cTmSKMgMBcTYxE9zAxaHzEH9D JJ3zjipJbncsCscyEcAFXt0nktMzKpQPnAgQ9nwSo6k9U2LLPBx8LNpokjIPH6SU 0p9uxc9q3ct0O9kEWCU6JDUGgSjaSbLE21buT5QRqkqUtdp5ZW0u6qTH8fT2es7H e4EYZTJLLxw65qSmvFjoxFPRZbP2mv5wz+6zEq3Dn2zILlbyQZ/07Cgt8O935535 LMwGx9lXLHoH8RlyWQ9xkip2s5ltPJltRRWvVjA5CL1m/NQefnpi82VmTXgwnCxh uce0rktFdxKuKIvIm5bX98Eyh/2RfQ0apd6UxpJG/8OmLdHGWeCGG5CBvLw+FEVB +S17dr1+Gsg0U2ac1jcd5kDbn9eUR+8D6CIzPdpQHSrEaNezsb3KyOn1k8Dde9a/ SyMQhpBt1Ua9Fl2tJAJHIu4t1nsBlhKw6XYND6ER4vKjYK5l12VUbEvn1ZLqapSn /0CcT2An7UKqZR23LefxckVF1iAPnjuliTO2VL5rGdYxE7xm9GZh5ME8jxqw8EWC +s3gAMfwSdOGdT8+0g1s =Pmrh -----END PGP SIGNATURE-----