Format: 1.8
Date: Mon, 01 Dec 2025 22:00:18 +0100
Source: rails
Binary: rails ruby-actioncable ruby-actionmailbox ruby-actionmailer ruby-actionpack ruby-actiontext ruby-actionview ruby-activejob ruby-activemodel ruby-activerecord ruby-activestorage ruby-activesupport ruby-rails ruby-railties
Architecture: all
Version: 2:6.1.7.10+dfsg-1~deb12u2
Distribution: bookworm-security
Urgency: medium
Maintainer: all / amd64 / i386 Build Daemon (x86-conova-02)
Changed-By: Bastien Roucariès
Description:
 rails - MVC ruby based framework geared for web application development (
 ruby-actioncable - WebSocket framework for Rails (part of Rails)
 ruby-actionmailbox - receive and process incoming emails (part of Rails)
 ruby-actionmailer - email composition, delivery framework (part of Rails)
 ruby-actionpack - web-flow and rendering framework putting the VC in MVC (part of R
 ruby-actiontext - edit and display rich text (part of Rails)
 ruby-actionview - framework for handling view template lookup and rendering (part o
 ruby-activejob - job framework with pluggable queues (part of Rails)
 ruby-activemodel - toolkit for building modeling frameworks (part of Rails)
 ruby-activerecord - object-relational mapper framework (part of Rails)
 ruby-activestorage - local and cloud file storage framework (part of Rails)
 ruby-activesupport - collection of utility classes used by the Rails framework
 ruby-rails - MVC ruby based framework geared for web application development
 ruby-railties - tools for creating, working with, and running Rails applications
Closes: 1111106
Changes:
 rails (2:6.1.7.10+dfsg-1~deb12u2) bookworm-security; urgency=medium
 .
   * Team upload
   * Add SalsaCI
   * Fix CVE-2025-24293 (Closes: #1111106)
     Active Record connects classes to relational database tables.
     The ID passed to find or similar methods may be logged without
     escaping. If this is directly to the terminal it may include
     unescaped ANSI sequences.
   * Fix CVE-2025-55193.
     Active Storage attempts to prevent the use of potentially unsafe
     image transformation methods and parameters by default.
     The default allowed list contains three methods allowing for the
     circumvention of the safe defaults which enables potential command
     injection vulnerabilities in cases where arbitrary user supplied
     input is accepted as valid transformation methods or parameters.