[SECURITY] [DLA 496-1] ruby-activerecord-3.2 security update

Type debian
Reporter Debian
Modified 2016-05-30T21:49:02


Package : ruby-activerecord-3.2 Version : 3.2.6-5+deb7u2 CVE ID : CVE-2015-7577 Debian Bug : N/A


activerecord/lib/active_record/nested_attributes.rb in Active Record does not properly implement a certain destroy option, which allows remote attackers to bypass intended change restrictions by leveraging use of the nested attributes feature.

For Debian 7 "Wheezy", this problem have been fixed in version 3.2.6-5+deb7u2.

We recommend that you upgrade your ruby-activerecord-3.2 packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

--------------------- Ola Lundqvist --------------------------- / opal@debian.org Folkebogatan 26 \ | ola@inguza.com 654 68 KARLSTAD | | http://inguza.com/ +46 (0)70-332 1551 | \ gpg/f.p.: 22F2 32C6 B1E0 F4BF 2B26 0A6A 5E90 DCFA 9426 876F / ---------------------------------------------------------------