[DRE-maint] rail3 update

Antonio Terceiro terceiro at debian.org
Tue Jan 15 18:17:17 UTC 2013 

On Tue, Jan 15, 2013 at 04:35:23PM +0100, Arends, R.R. wrote:
> > On Tue, Jan 15, 2013 at 09:29:19AM +0100, Arends, R.R. wrote:
> >> Hi there,
> >> 
> >> thanks for the debian package. Saves me a lot of trouble.
> >> But now with the vulnerability in it, i'm trying to patch/update it...
> >> Any chance you will be updating it shortly to the latest version without the 
> > vulnerability?
> > 
> > All of the Rails packages in Debian are properly updated with the fixes
> > for the recently disclosed vulnerabilities.
> > 
> > -- 
> > Antonio Terceiro <terceiro at debian.org>
> 
> Antonio thanks for your reply. 
> But when searching on: http://packages.debian.org/search?keywords=rails3&searchon=names&suite=all&section=all
> I only see 3.2.6-1 for example. 
> With this as the changelog: http://packages.debian.org/changelogs/pool/main/r/ruby-rails-3.2/ruby-rails-3.2_3.2.6-1/changelog
> 24 jun 2012... 
> 
> Am i looking it up wrong? 
> # dpkg -l |grep rails3
> ii  rails3                          3.2.6-1                      all          MVC ruby based framework geared for web application development
> 
> http://weblog.rubyonrails.org/2013/1/8/Rails-3-2-11-3-1-10-3-0-19-and-2-3-15-have-been-released/
> Mentions 3.2.11 as the version where the fix is in.

Debian currently in in freeze, so we do not upload new upstream
versions. Instead, we apply the specific fixes for security problems
over the existing packages, so the upstream part of their version
numbers will not increase.

Besides, since rails3 is a meta package which depends on the packages
for the various components of Rails, and the fixes for those security
problems were in their respective components, so no upgrade of the
rails3 package itself was necessary.

http://www.debian.org/security/2013/dsa-2597
http://www.debian.org/security/2013/dsa-2604

-- 
Antonio Terceiro <terceiro at debian.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-ruby-extras-maintainers/attachments/20130115/df5b227c/attachment.pgp>

More information about the Pkg-ruby-extras-maintainers mailing list