-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 01 Dec 2025 22:00:18 +0100
Source: rails
Architecture: source
Version: 2:6.1.7.10+dfsg-1~deb12u2
Distribution: bookworm-security
Urgency: medium
Maintainer: Debian Ruby Team
Changed-By: Bastien Roucariès
Closes: 1111106
Changes:
 rails (2:6.1.7.10+dfsg-1~deb12u2) bookworm-security; urgency=medium
 .
   * Team upload
   * Add SalsaCI
   * Fix CVE-2025-24293 (Closes: #1111106)
     Active Record connects classes to relational database tables.
     The ID passed to find or similar methods may be logged without
     escaping. If this is directly to the terminal it may include
     unescaped ANSI sequences.
   * Fix CVE-2025-55193.
     Active Storage attempts to prevent the use of potentially unsafe
     image transformation methods and parameters by default.
     The default allowed list contains three methods allowing for
     the circumvention of the safe defaults which enables potential
     command injection vulnerabilities in cases where arbitrary
     user supplied input is accepted as valid transformation
     methods or parameters.