[Git][security-tracker-team/security-tracker][master] CVE-2025-24293/rails: drop patches references against CVE-2025-55193

Sun May 10 11:08:25 BST 2026


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e255f031 by Sylvain Beucler at 2026-05-10T12:07:21+02:00
CVE-2025-24293/rails: drop patches references against CVE-2025-55193

+ re-order CVE-2025-55193 patches

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -104414,11 +104414,8 @@ CVE-2025-24293 (# Active Storage allowed transformation methods potentially unsa
 	- rails 2:7.2.2.2+dfsg-1
 	NOTE: https://github.com/rails/rails/security/advisories/GHSA-r4mg-4433-c7g3
 	NOTE: https://github.com/rails/rails/commit/2d612735ac0d9712fdfffaf80afa627e7295f6ce (v8.0.2.1)
-	NOTE: https://github.com/rails/rails/commit/568c0bc2f1e74c65d150a84b89a080949bf9eb9b (v8.0.2.1)
 	NOTE: https://github.com/rails/rails/commit/fb8f3a18c3d97524c0efc29150d1e5f3162fbb13 (v7.2.2.2)
-	NOTE: https://github.com/rails/rails/commit/6a944ca4805e72050a0fbb1a461534eb760d3202 (v7.2.2.2)
 	NOTE: https://github.com/rails/rails/commit/1b1adf6ee6ca0f3104fcfce79360b2ec1e06a354 (v7.1.5.2)
-	NOTE: https://github.com/rails/rails/commit/3beef20013736fd52c5dcfdf061f7999ba318290 (v7.1.5.2)
 CVE-2025-9826 (Stored cross-site scripting vulnerability in M-Files Hubshare before v ...)
 	NOT-FOR-US: M-Files
 CVE-2025-9084 (Mattermost versions 10.5.x <= 10.5.9 fail to properly validate redirec ...)
@@ -115636,9 +115633,9 @@ CVE-2025-55193 (Active Record connects classes to relational database tables. Pr
 	{DSA-6090-1 DLA-4416-1}
 	- rails 2:7.2.2.2+dfsg-1 (bug #1111106)
 	NOTE: https://github.com/rails/rails/security/advisories/GHSA-76r7-hhxj-r776
-	NOTE: https://github.com/rails/rails/commit/3beef20013736fd52c5dcfdf061f7999ba318290 (v7.1.5.2)
-	NOTE: https://github.com/rails/rails/commit/6a944ca4805e72050a0fbb1a461534eb760d3202 (v7.2.2.2)
 	NOTE: https://github.com/rails/rails/commit/568c0bc2f1e74c65d150a84b89a080949bf9eb9b (v8.0.2.1)
+	NOTE: https://github.com/rails/rails/commit/6a944ca4805e72050a0fbb1a461534eb760d3202 (v7.2.2.2)
+	NOTE: https://github.com/rails/rails/commit/3beef20013736fd52c5dcfdf061f7999ba318290 (v7.1.5.2)
 CVE-2025-3414 (The Structured Content (JSON-LD) #wpsc WordPress plugin before 1.7.0 d ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-34154 (UnForm Server Manager versions prior to 10.1.12 expose an unauthentica ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e255f031ccdb561b6accc76957f7b15932e59b9d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e255f031ccdb561b6accc76957f7b15932e59b9d
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260510/d910ec85/attachment-0001.htm>
