Format: 1.8
Date: Mon, 01 Dec 2025 21:45:40 +0100
Source: rails
Architecture: source
Version: 2:7.2.2.2+dfsg-2~deb13u1
Distribution: trixie-security
Urgency: medium
Maintainer: Debian Ruby Team
Changed-By: Bastien Roucariès
Closes: 1111106
Changes:
 rails (2:7.2.2.2+dfsg-2~deb13u1) trixie-security; urgency=medium
 .
   * Team upload
   * New upstream release
   * Fix CVE-2025-24293 (Closes: #1111106)
     Active Record connects classes to relational database tables.
     The ID passed to find or similar methods may be logged without
     escaping. If this is directly to the terminal it may include
     unescaped ANSI sequences.
   * Fix CVE-2025-55193.
     Active Storage attempts to prevent the use of potentially unsafe
     image transformation methods and parameters by default.
     The default allowed list contains three methods allowing for the
     circumvention of the safe defaults which enables potential command
     injection vulnerabilities in cases where arbitrary user supplied
     input is accepted as valid transformation methods or parameters.
   * Target trixie in salsaCI