From d617754fc952119e9d7f0b5366ebbe48bcff6de9 Mon Sep 17 00:00:00 2001 From: Jean-Pierre Giraud Date: Tue, 14 Mar 2023 00:35:38 +0100 Subject: [SECURITY] [DSA 5372-1] rails security update --- english/security/2023/dsa-5372.data | 13 +++++++++++++ english/security/2023/dsa-5372.wml | 20 ++++++++++++++++++++ 2 files changed, 33 insertions(+) create mode 100644 english/security/2023/dsa-5372.data create mode 100644 english/security/2023/dsa-5372.wml diff --git a/english/security/2023/dsa-5372.data b/english/security/2023/dsa-5372.data new file mode 100644 index 00000000000..9834fcd0d7e --- /dev/null +++ b/english/security/2023/dsa-5372.data @@ -0,0 +1,13 @@ +DSA-5372-1 rails +2023-3-13 +CVE-2021-22942 CVE-2021-44528 CVE-2022-21831 CVE-2022-22577 CVE-2022-23633 CVE-2022-27777 CVE-2023-22792 CVE-2023-22794 CVE-2023-22795 CVE-2023-22796 Bug#992586 Bug#1001817 Bug#1011940 Bug#1011941 Bug#1005389 Bug#1016982 Bug#1030050 +rails +yes +yes +no + +#use wml::debian::security + + + + diff --git a/english/security/2023/dsa-5372.wml b/english/security/2023/dsa-5372.wml new file mode 100644 index 00000000000..7e19503df96 --- /dev/null +++ b/english/security/2023/dsa-5372.wml @@ -0,0 +1,20 @@ +security update + +

Multiple vulnerabilities were discovered in rails, the Ruby based server-side +MVC web application framework, which could result in XSS, data disclosure +and open redirect.

+ +

For the stable distribution (bullseye), these problems have been fixed in +version 2:6.0.3.7+dfsg-2+deb11u1.

+ +

We recommend that you upgrade your rails packages.

+ +

For the detailed security status of rails please refer to +its security tracker page at: +\ +https://security-tracker.debian.org/tracker/rails

+ + +# do not modify the following line +#include "$(ENGLISHDIR)/security/2023/dsa-5372.data" +# $Id: $ -- cgit v1.2.3