Format: 1.8
Date: Mon, 01 Dec 2025 21:45:40 +0100
Source: rails
Binary: rails ruby-actioncable ruby-actionmailbox ruby-actionmailer ruby-actionpack ruby-actiontext ruby-actionview ruby-activejob ruby-activemodel ruby-activerecord ruby-activestorage ruby-activesupport ruby-rails ruby-railties
Architecture: all
Version: 2:7.2.2.2+dfsg-2~deb13u1
Distribution: trixie-security
Urgency: medium
Maintainer: all / amd64 / i386 Build Daemon (x86-conova-02)
Changed-By: Bastien Roucariès
Description:
 rails - MVC ruby based framework geared for web application development (
 ruby-actioncable - WebSocket framework for Rails (part of Rails)
 ruby-actionmailbox - receive and process incoming emails (part of Rails)
 ruby-actionmailer - email composition, delivery framework (part of Rails)
 ruby-actionpack - web-flow and rendering framework putting the VC in MVC (part of R
 ruby-actiontext - edit and display rich text (part of Rails)
 ruby-actionview - framework for handling view template lookup and rendering (part o
 ruby-activejob - job framework with pluggable queues (part of Rails)
 ruby-activemodel - toolkit for building modeling frameworks (part of Rails)
 ruby-activerecord - object-relational mapper framework (part of Rails)
 ruby-activestorage - local and cloud file storage framework (part of Rails)
 ruby-activesupport - collection of utility classes used by the Rails framework
 ruby-rails - MVC ruby based framework geared for web application development
 ruby-railties - tools for creating, working with, and running Rails applications
Closes: 1111106
Changes:
 rails (2:7.2.2.2+dfsg-2~deb13u1) trixie-security; urgency=medium
 .
   * Team upload
   * New upstream release
   * Fix CVE-2025-24293 (Closes: #1111106)
     Active Record connects classes to relational database tables.
     The ID passed to find or similar methods may be logged without escaping.
     If this is directly to the terminal it may include unescaped ANSI
     sequences.
   * Fix CVE-2025-55193.
     Active Storage attempts to prevent the use of potentially unsafe image
     transformation methods and parameters by default.
     The default allowed list contains three methods allowing for the
     circumvention of the safe defaults which enables potential command
     injection vulnerabilities in cases where arbitrary user supplied input
     is accepted as valid transformation methods or parameters.
   * Target trixie in salsaCI