[Git][security-tracker-team/security-tracker][master] rails fixed in sid
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Mar 5 11:21:50 GMT 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5053c9df by Moritz Muehlenhoff at 2025-03-05T12:19:24+01:00
rails fixed in sid
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -43873,21 +43873,21 @@ CVE-2024-48758 (dingfanzu CMS V1.0 was discovered to contain a Cross-Site Reques
CVE-2024-48180 (ClassCMS <=4.8 is vulnerable to file inclusion in the nowView method i ...)
NOT-FOR-US: ClassCMS
CVE-2024-47889 (Action Mailer is a framework for designing email service layers. Start ...)
- - rails <unfixed> (bug #1085376)
+ - rails 2:7.2.2.1+dfsg-1 (bug #1085376)
NOTE: https://github.com/rails/rails/security/advisories/GHSA-h47h-mwp9-c6q6
NOTE: https://github.com/rails/rails/commit/be898cc996986decfe238341d96b2a6573b8fd2e (v7.2.1.1)
NOTE: https://github.com/rails/rails/commit/3612e3eb3fbafed4f85e1c6ea4c7b6addbb0fdd3 (v7.1.4.1)
NOTE: https://github.com/rails/rails/commit/0e5694f4d32544532d2301a9b4084eacb6986e94 (v7.0.8.5)
NOTE: https://github.com/rails/rails/commit/985f1923fa62806ff676e41de67c3b4552131ab9 (v6.1.7.9)
CVE-2024-47888 (Action Text brings rich text content and editing to Rails. Starting in ...)
- - rails <unfixed> (bug #1085376)
+ - rails 2:7.2.2.1+dfsg-1 (bug #1085376)
NOTE: https://github.com/rails/rails/security/advisories/GHSA-wwhv-wxv9-rpgw
NOTE: https://github.com/rails/rails/commit/ba286c0a310b7f19cf5cac2a7a4c9def5cf9882e (v7.2.1.1)
NOTE: https://github.com/rails/rails/commit/de0df7caebd9cb238a6f10dca462dc5f8d5e98b5 (v7.1.4.1)
NOTE: https://github.com/rails/rails/commit/727b0946c3cab04b825c039435eac963d4e91822 (v7.0.8.5)
NOTE: https://github.com/rails/rails/commit/4f4312b21a6448336de7c7ab0c4d94b378def468 (v6.1.7.9)
CVE-2024-47887 (Action Pack is a framework for handling and responding to web requests ...)
- - rails <unfixed> (bug #1085376)
+ - rails 2:7.2.2.1+dfsg-1 (bug #1085376)
NOTE: https://github.com/rails/rails/security/advisories/GHSA-vfg9-r3fq-jvx4
NOTE: https://github.com/rails/rails/commit/f4dc83d8926509d0958ec21fcdbc2e7df3d32ce2 (v7.2.1.1)
NOTE: https://github.com/rails/rails/commit/7c1398854d51f9bb193fb79f226647351133d08a (v7.1.4.1)
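Review bot: the CVE-2024-47889, CVE-2024-47888 and CVE-2024-47887 entries in this hunk carry no [bookworm] or [bullseye] line, so once `rails <unfixed>` becomes `rails 2:7.2.2.1+dfsg-1` the stable suites are derived as affected purely from the version comparison. If that is the intended state (a DSA still pending) it is fine; otherwise add the usual suite annotation in the form used further down for CVE-2024-28103 (`[bookworm] - rails <no-dsa> (Minor issue)`) so the tracker does not show bookworm/bullseye as open without a decision recorded. The upstream fix tags noted (v7.2.1.1, v7.1.4.1, v7.0.8.5, v6.1.7.9) are all below 7.2.2.1, so the sid version is consistent with the references.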
@@ -44050,7 +44050,7 @@ CVE-2024-45072 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an
CVE-2024-45071 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored c ...)
NOT-FOR-US: IBM
CVE-2024-41128 (Action Pack is a framework for handling and responding to web requests ...)
- - rails <unfixed> (bug #1085376)
+ - rails 2:7.2.2.1+dfsg-1 (bug #1085376)
NOTE: https://github.com/rails/rails/security/advisories/GHSA-x76w-6vjr-8xgj
NOTE: https://github.com/rails/rails/commit/27121e80f6dbb260f5a9f0452cd8411cb681f075 (v7.2.1.1)
NOTE: https://github.com/rails/rails/commit/b0fe99fa854ec8ff4498e75779b458392d1560ef (v7.1.4.1)
@@ -76438,7 +76438,7 @@ CVE-2024-2368 (The Mollie Forms plugin for WordPress is vulnerable to Cross-Site
CVE-2024-2087 (The Brizy \u2013 Page Builder plugin for WordPress is vulnerable to St ...)
NOT-FOR-US: WordPress plugin
CVE-2024-28103 (Action Pack is a framework for handling and responding to web requests ...)
- - rails <unfixed> (bug #1072705)
+ - rails 2:7.2.2.1+dfsg-1 (bug #1072705)
[bookworm] - rails <no-dsa> (Minor issue)
[bullseye] - rails <not-affected> (Vulnerable code introduced later)
[buster] - rails <not-affected> (Vulnerable code introduced later)
@@ -110497,10 +110497,13 @@ CVE-2021-46908 (In the Linux kernel, the following vulnerability has been resolv
CVE-2021-46907
REJECTED
CVE-2024-26144 (Rails is a web-application framework. Starting with version 5.2.0, the ...)
- - rails <unfixed> (bug #1065119)
+ - rails 2:7.2.2.1+dfsg-1 (bug #1065119)
[bookworm] - rails <no-dsa> (Minor issue)
[bullseye] - rails <no-dsa> (Minor issue)
NOTE: https://discuss.rubyonrails.org/t/possible-sensitive-session-information-leak-in-active-storage/84945
+ NOTE: https://github.com/rails/rails/security/advisories/GHSA-8h22-8cf7-hq6g
+ NOTE: https://github.com/rails/rails/commit/723f54566023e91060a67b03353e7c03e7436433 (v7.0.8.1)
+ NOTE: https://github.com/rails/rails/commit/78fe149509fac5b05e54187aaaef216fbb5fd0d3 (v6.1.7.7)
CVE-2024-27092 (Hoppscotch is an API development ecosystem. Due to lack of validation ...)
NOT-FOR-US: Hoppscotch
CVE-2024-27088 (es5-ext contains ECMAScript 5 extensions. Passing functions with very ...)
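Review bot: with bookworm and bullseye both left at <no-dsa> (Minor issue) for CVE-2024-26144, the v7.0.8.1 and v6.1.7.7 commits added here are the references any later point-release fix for those suites would be based on, so keep the release tag beside each commit as done for the other rails entries; the GHSA line added above them gives the advisory the discuss thread already linked lacked.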
@@ -142986,7 +142989,7 @@ CVE-2023-40317
CVE-2023-40316
- moodle <removed>
CVE-2023-38037 (ActiveSupport::EncryptedFile writes contents that will be encrypted to ...)
- - rails <unfixed> (bug #1051057)
+ - rails 2:7.2.2.1+dfsg-1 (bug #1051057)
[bookworm] - rails <no-dsa> (Minor issue)
[bullseye] - rails <no-dsa> (Minor issue)
NOTE: https://github.com/advisories/GHSA-cr5q-6q9f-rq6q
@@ -166810,7 +166813,7 @@ CVE-2023-28364 (An Open Redirect vulnerability exists prior to version 1.52.117,
CVE-2023-28363
RESERVED
CVE-2023-28362 (The redirect_to method in Rails allows provided values to contain char ...)
- - rails <unfixed> (bug #1051058)
+ - rails 2:7.2.2.1+dfsg-1 (bug #1051058)
[bookworm] - rails <no-dsa> (Minor issue)
[bullseye] - rails <no-dsa> (Minor issue)
NOTE: https://discuss.rubyonrails.org/t/cve-2023-28362-possible-xss-via-user-supplied-values-to-redirect-to/83132
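Review bot: the CVE-2023-28362 entry records only the discuss.rubyonrails.org announcement, unlike the other rails entries in this change which pin the fixing commits with their release tags; add the upstream commit reference (and the GHSA advisory, if one exists) so that the fix 2:7.2.2.1+dfsg-1 is assumed to contain can be verified against the package. The CVE-2023-38037 entry in the hunk above has the same gap (GHSA advisory only, no commit).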
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5053c9df3e7f006ee5f34b48e62419c0cdb2274b