[Git][security-tracker-team/security-tracker][master] dla-needed: rail is a partial release

[Bastien Roucariès (@rouca)]

Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6a351ea0 by Bastien Roucariès at 2025-11-25T20:50:14+01:00
dla-needed: rail is a partial release

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=====================================
data/dla-needed.txt
=====================================
@@ -299,6 +299,15 @@ qtbase-opensource-src (Sylvain Beucler)
   NOTE: 20250520: Follow fixes from bookworm 12.11 (CVE-2024-39936)
   NOTE: 20250520: We don't seem affected by the non-CVE crash fix #1081682 (Beuc/front-desk)
 --
+rails (rouca)
+  NOTE: 20250105: Added by Front-Desk (apo)
+  NOTE: 20250305: Utkarsh uploaded the CVE fixes to unstable via rails/7.2.2.1. (utkarsh)
+  NOTE: 20250323: rails DSA has been released. (utkarsh)
+  NOTE: 20250621: rails DSA uploaded the last 6.1 release before EOL (2024-11)
+  NOTE: 20250621: 6.0 branch is EOL (2023-06) so all open CVEs need individual backport (Beuc)
+  NOTE: 20251120: Import old security release and fix. Will likely do a partial release due to number of CVEs (rouca)
+  NOTE: 20251125: Do a partial release. Need to fix bookworm first (rouca)
+--
 runc
   NOTE: 20251105: Added by Front-Desk (Beuc)
   NOTE: 20251105: 3 high-severity container breakouts. Used by docker.io.



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6a351ea0161ba6e1d13171a17c644d671c930e0c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6a351ea0161ba6e1d13171a17c644d671c930e0c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251125/7f444f47/attachment.htm>