[Git][security-tracker-team/security-tracker][master] Reserve DLA-4416-1 for rails

Bastien Roucariès (@rouca) rouca at debian.org
Sun Dec 21 16:07:24 GMT 2025 


Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker


Commits:
739bb33f by Bastien Roucariès at 2025-12-21T17:07:15+01:00
Reserve DLA-4416-1 for rails

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[21 Dec 2025] DLA-4416-1 rails - security update
+	{CVE-2025-24293 CVE-2025-55193}
+	[bullseye] - rails 2:6.0.3.7+dfsg-2+deb11u4
 [18 Dec 2025] DLA-4415-1 roundcube - security update
 	{CVE-2025-68460 CVE-2025-68461}
 	[bullseye] - roundcube 1.4.15+dfsg.1-1+deb11u6


=====================================
data/dla-needed.txt
=====================================
@@ -350,15 +350,6 @@ python3.9
   NOTE: 20251214: Added by Front-Desk (dleidert)
   NOTE: 20251214: Another round of CVEs is due to be fixed (dleidert/front-desk)
 --
-rails (rouca)
-  NOTE: 20250105: Added by Front-Desk (apo)
-  NOTE: 20250305: Utkarsh uploaded the CVE fixes to unstable via rails/7.2.2.1. (utkarsh)
-  NOTE: 20250323: rails DSA has been released. (utkarsh)
-  NOTE: 20250621: rails DSA uploaded the last 6.1 release before EOL (2024-11)
-  NOTE: 20250621: 6.0 branch is EOL (2023-06) so all open CVEs need individual backport (Beuc)
-  NOTE: 20251120: Import old security release and fix. Will likely do a partial release due to number of CVEs (rouca)
-  NOTE: 20251125: Do a partial release. Need to fix bookworm first (rouca)
---
 runc
   NOTE: 20251105: Added by Front-Desk (Beuc)
   NOTE: 20251105: 3 high-severity container breakouts. Used by docker.io.



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/739bb33f2722ef19f2bceec90f7b747dba5e398d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/739bb33f2722ef19f2bceec90f7b747dba5e398d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251221/c5ce2712/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list