[DRE-maint] Bug#964081: rails: CVE-2020-8185: Untrusted users able to run pending migrations in production
Salvatore Bonaccorso
carnil at debian.org
Wed Jul 1 12:13:44 BST 2020
Source: rails
Version: 2:6.0.3.1+dfsg-1
Severity: grave
Tags: security upstream
Hi
For details please see
https://groups.google.com/g/rubyonrails-security/c/pAe9EV8gbM0
It only affects experimental. To make sure it does not migrate unfixed
to unstable, using an RC severity here.
Regards,
Salvatore
More information about the Pkg-ruby-extras-maintainers
mailing list