[Git][security-tracker-team/security-tracker][master] CVE-2022-32224/rails: further compatibility improvement

Sylvain Beucler (@beuc) gitlab at salsa.debian.org
Thu May 7 13:42:07 BST 2026 


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4e51b5d6 by Sylvain Beucler at 2026-05-07T14:41:59+02:00
CVE-2022-32224/rails: further compatibility improvement

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -400212,6 +400212,7 @@ CVE-2022-32224 (A possible escalation to RCE vulnerability exists when using YAM
 	NOTE: "This may introduce backwards compatibility issues with existing data."
 	NOTE: https://lists.debian.org/debian-lts/2022/09/msg00004.html
 	NOTE: Adding 'Symbol' to 'yaml_column_permitted_classes' by default:
+	NOTE: https://github.com/rails/rails/pull/45584
 	NOTE: https://github.com/rails/rails/commit/fbb7f0b407c96cb38fba6b2e8cb8ce12252738da (v6.1.7)
 	NOTE: https://github.com/rails/rails/commit/6a421e4a6a16eacfb7444108fd24c33d11cdd0a7 (v6.1.7)
 	NOTE: https://github.com/rails/rails/commit/b521e2ecfc1f94b2d594f9ba9c5fa80b1c58566e (v6.0.6)
@@ -400223,6 +400224,9 @@ CVE-2022-32224 (A possible escalation to RCE vulnerability exists when using YAM
 	NOTE: https://github.com/rails/rails/commit/a5f27f6ace95e07ae30b6d92e71cb35f891d9b1a (v6.0.6)
 	NOTE: https://github.com/rails/rails/commit/5436676014340247ee4e53ecd2c71cab34059383 (5-2-stable)
 	NOTE: https://github.com/rails/rails/commit/21cd60ee88c413b2a58552c4b31c4d9e8c17f4eb (5-2-stable)
+	NOTE: Further compatibility fix:
+	NOTE: https://github.com/rails/rails/commit/e5ac49d986de0f9f1f7083422f04c08fa15e1616 (v6.1.7)
+	NOTE: https://github.com/rails/rails/commit/e74d6ee33dcbd799c1e845f63876bd8d3fe29b05 (v6.1.7)
 CVE-2022-32223 (Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking under ce ...)
 	- nodejs <not-affected> (Only affects Windows)
 	NOTE: https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/#dll-hijacking-on-windows-high-cve-2022-32223



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4e51b5d61e4e0caf07478955c1d0804ed0c39e5e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4e51b5d61e4e0caf07478955c1d0804ed0c39e5e
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260507/1d15c182/attachment.htm>

More information about the debian-security-tracker-commits mailing list