ruby-actionpack-3.2 (3.2.6-6+deb7u2) wheezy-security; urgency=medium

  * [CVE-2014-0081] XSS Vulnerability in number_to_currency,
    number_to_percentage and number_to_human
  * [CVE-2014-0082] Denial of Service Vulnerability in Action View when using
    render :text
  * [CVE-2014-0130] Directory Traversal Vulnerability With Certain Route
    Configurations (Closes: #747641)

 -- Antonio Terceiro <terceiro@debian.org>  Sat, 10 May 2014 14:33:15 -0300

ruby-actionpack-3.2 (3.2.6-6+deb7u1) wheezy-security; urgency=low

  * [CVE-2013-6417] Incomplete fix to CVE-2013-0155 (Unsafe Query Generation Risk)
  * [CVE-2013-4491] Reflective XSS Vulnerability in Ruby on Rails
  * [CVE-2013-6414] Denial of Service Vulnerability in Action View
  * [CVE-2013-6415] XSS Vulnerability in number_to_currency
  * [CVE-2013-4389] Fix Possible DoS Vulnerability in Action Mailer

 -- Ondřej Surý <ondrej@debian.org>  Wed, 04 Dec 2013 11:39:44 +0100

ruby-actionpack-3.2 (3.2.6-6) unstable; urgency=high

  * [CVE-2013-1855]: Fix XSS vulnerability in sanitize_css in Action Pack
  * [CVE-2013-1857]: Fix XSS Vulnerability in the sanitize helper of Ruby on Rails

 -- Ondřej Surý <ondrej@debian.org>  Tue, 19 Mar 2013 09:45:34 +0100

ruby-actionpack-3.2 (3.2.6-5) unstable; urgency=high

  * debian/patches/CVE-2013-0155.patch: fix Unsafe Query Generation Risk
    [CVE-2013-0155] (Closes: #697802)

 -- Antonio Terceiro <terceiro@debian.org>  Wed, 09 Jan 2013 18:25:45 -0300

ruby-actionpack-3.2 (3.2.6-4) unstable; urgency=high

  * Add patches for security problems (Closes: #684454):
    + CVE-2012-3463 - Ruby on Rails Potential XSS Vulnerability in select_tag
      prompt
    + CVE-2012-3465 - XSS Vulnerability in strip_tags
    + Both patches were edited from their original versions in two ways:
      - the leading a/ and b/ from the filenames were stripped
      - changes over test files were removed, since the Debian package
        contains no test files.

 -- Antonio Terceiro <terceiro@debian.org>  Fri, 10 Aug 2012 13:08:08 -0300

ruby-actionpack-3.2 (3.2.6-3) unstable; urgency=high

  * Add patch by Aaron Patterson for CVE-2012-3424 (Closes: #683370)

 -- Antonio Terceiro <terceiro@debian.org>  Sat, 04 Aug 2012 09:28:12 -0300

ruby-actionpack-3.2 (3.2.6-2) unstable; urgency=low

  * Bump build dependency to gem2deb >= 0.3.0~

 -- Antonio Terceiro <terceiro@debian.org>  Sun, 24 Jun 2012 19:06:43 -0300

ruby-actionpack-3.2 (3.2.6-1) unstable; urgency=low

  * New upstream release.
  * debian/control:
    + review short description
    + add myself to Uploaders:

 -- Antonio Terceiro <terceiro@debian.org>  Sat, 16 Jun 2012 21:15:28 -0300

ruby-actionpack-3.2 (3.2.3-2) unstable; urgency=low

  * Add Conflict with ruby-actionpack-2.3 (Closes: #673737)
  * B-D ruby-activerecord-3.2 and ruby-activesupport-3.2 are already
    in unstable (Closes: #671986)

 -- Ondřej Surý <ondrej@debian.org>  Wed, 23 May 2012 13:03:07 +0200

ruby-actionpack-3.2 (3.2.3-1) unstable; urgency=low

  * Initial release

 -- Ondřej Surý <ondrej@debian.org>  Wed, 25 Apr 2012 09:14:01 +0000
