[DRE-maint] Bug#634990: rails-2.3 not vulnerable
Ondřej Surý
ondrej at debian.org
Mon Aug 29 11:13:00 UTC 2011
Package: rails
Version: 2.3.14
Hi,
according to http://weblog.rubyonrails.org/2011/6/8/ann-rails-2-3-12-has-been-released
the rails-2.3 is only vulnerable if the rails_xss plugin is installed.
The rails package in Debian doesn't install this plugin by default
therefore the package in Debian in not vulnerable.
O.
-- System Information:
Debian Release: 6.0.2
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages rails depends on:
ii rails-ruby1.8 2.3.5-1.2+squeeze0.1 MVC ruby based framework geared fo
rails recommends no packages.
rails suggests no packages.
-- no debconf information
More information about the Pkg-ruby-extras-maintainers
mailing list