[DRE-maint] Bug#1030050: rails: CVE-2023-22796 CVE-2023-22795 CVE-2023-22794 CVE-2023-22792 CVE-2022-44566
Lucas Nussbaum
lucas at debian.org
Sat Mar 25 07:19:40 GMT 2023
On 30/01/23 at 18:59 +0100, Moritz Mühlenhoff wrote:
> Source: rails
> X-Debbugs-CC: team at security.debian.org
> Severity: grave
> Tags: security
>
> Hi,
>
> The following vulnerabilities were published for rails.

Hi,

I think that a reasonable way forward on this bug would be to upgrade
rails to version 6.1.7.3. The changelogs for the versions between
the current version in testing (6.1.7) and 6.1.7.3 are:

https://github.com/rails/rails/releases/tag/v6.1.7.1
https://github.com/rails/rails/releases/tag/v6.1.7.2
https://github.com/rails/rails/releases/tag/v6.1.7.3

The changes are only security fixes.

Also, since there are extensive tests for reverse-deps, it would probably
be reasonably safe to push that change, even at this stage of the
release cycle.

Comments?

Lucas