Bug#1030050: rails: CVE-2023-22796 CVE-2023-22795 CVE-2023-22794 CVE-2023-22792 CVE-2022-44566

Lucas Nussbaum

Mar 25, 2023, 3:30:04 AM
On 30/01/23 at 18:59 +0100, Moritz Mühlenhoff wrote:
> Source: rails
> X-Debbugs-CC: te...@security.debian.org
> Severity: grave
> Tags: security
>
> Hi,
>
> The following vulnerabilities were published for rails.

Hi,

I think that a reasonable way forward on this bug would be to upgrade
rails to version 6.1.7.3. The changelogs for the versions between
the current version in testing (6.1.7) and 6.1.7.3 are:
https://github.com/rails/rails/releases/tag/v6.1.7.1
https://github.com/rails/rails/releases/tag/v6.1.7.2
https://github.com/rails/rails/releases/tag/v6.1.7.3

The changes are only security fixes.

Also, since there are extensive tests for reverse-deps, it would probably
be reasonably safe to push that change, even at this stage of the
release cycle.

Comments?

Lucas