Package: rails / 2:4.2.7.1-1+deb9u1

Metadata

Package Version Patches format
rails 2:4.2.7.1-1+deb9u1 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
0001 Be careful with that bundler.patch | (download)

railties/lib/rails/generators/app_base.rb | 6 2 + 4 - 0 !
1 file changed, 2 insertions(+), 4 deletions(-)

 be careful with that bundler


0002 load_paths.rb don t load bundler.patch | (download)

load_paths.rb | 4 1 + 3 - 0 !
1 file changed, 1 insertion(+), 3 deletions(-)

 load_paths.rb: don't load bundler


0004 ActiveRecord adjust test suite for Debian build.patch | (download)

activerecord/test/cases/associations/cascaded_eager_loading_test.rb | 1 1 + 0 - 0 !
activerecord/test/cases/associations/has_many_associations_test.rb | 1 1 + 0 - 0 !
activerecord/test/cases/core_test.rb | 1 1 + 0 - 0 !
activerecord/test/cases/invalid_connection_test.rb | 2 1 + 1 - 0 !
activerecord/test/cases/relation_test.rb | 2 2 + 0 - 0 !
5 files changed, 6 insertions(+), 1 deletion(-)

 activerecord: adjust test suite for debian build

Let's fix or skkip a few tests that are broken on Debian.  This is just
to have minimal testing of ActiveRecord, but I should investigate deeper
why the hell those tests are failing.

0005 relax json.patch | (download)

activesupport/activesupport.gemspec | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---
006 CVE 2018 16476.patch | (download)

activejob/lib/active_job/arguments.rb | 2 1 + 1 - 0 !
activejob/test/cases/argument_serialization_test.rb | 4 4 + 0 - 0 !
2 files changed, 5 insertions(+), 1 deletion(-)

 [patch] do not deserialize globalid objects that were not generated by
 Active Job

Trusting any GlobaID object when deserializing jobs can allow
attackers to access information that should not be accessible to them.

Fix CVE-2018-16476.

007 CVE 2019 5418_CVE 2019 5419.patch | (download)

actionpack/lib/action_dispatch/http/mime_negotiation.rb | 6 5 + 1 - 0 !
actionpack/test/controller/mime/respond_to_test.rb | 14 8 + 6 - 0 !
actionpack/test/controller/new_base/content_negotiation_test.rb | 16 13 + 3 - 0 !
3 files changed, 26 insertions(+), 10 deletions(-)

 [patch] only accept formats from registered mime types

[CVE-2019-5418]
[CVE-2019-5419]