Debian Security Advisory
DSA-3464-1 rails -- security update
- Date Reported:
- 31 Jan 2016
- Affected Packages:
- rails
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2015-3226, CVE-2015-3227, CVE-2015-7576, CVE-2015-7577, CVE-2015-7581, CVE-2016-0751, CVE-2016-0752, CVE-2016-0753.
- More information:
-
Multiple security issues have been discovered in the Ruby on Rails web application development framework, which may result in denial of service, cross-site scripting, information disclosure or bypass of input validation.
For the stable distribution (jessie), these problems have been fixed in version 2:4.1.8-1+deb8u1.
For the unstable distribution (sid), these problems have been fixed in version 2:4.2.5.1-1.
We recommend that you upgrade your rails packages.