Please sync rails 1.2.4-1 from Debian unstable (main)

As long as you merge it to remove the depens on libmocha that we don't have, ack from me.

ok from me

geser: Approved.

I'm not really sure what else I should upload here, I've reviewed the SRU and MOTU sponsoring uploads pages, but its a bit vague as to what exactly needs to be here. I have built and installed the package successfully on Feisty built from the upstream debian sources.

This is a sync request. ACKing it.

rails (1.2.4-1ubuntu1) gutsy; urgency=low

  * debian/control:
    + Remove libmocha-ruby1.8 from Depends for rails.
      It's not included in gutsy and only used for unit tests.
    + Modify Maintainer value to match DebianMaintainerField spec.
  * UVF exception: LP: #151078

rails (1.2.4-1) unstable; urgency=low

  * New upstream release. Fixes at least 2 XSS bugs.
    + Secure #sanitize, #strip_tags, and #strip_links helpers against
    xss attacks. Upstream changeset 7589
    + to_json did not escape values which allows for XSS. Applied
    upstream changesets 6893, 6894. This bug as also been assigned
    designation CVE-2007-3227 (closes: #429177)
  * Add dependency on Sqlite3 as ActiveRecord supports this DB as
    well
  * Add dependency on libmocha which is needed by some unit tests

 -- Michael Bienia <email address hidden> Tue, 09 Oct 2007 23:01:26 +0200

If someone can prepare (and test) the fixes and attach debdiffs that follow the [https://wiki.ubuntu.com/SecurityUpdateProcedures], I'd be more than happy to get them uploaded for the stable releases. Thanks!

Please close for Feisty as Won't Fix? This goes for all the other Feisty bugs.

Ubuntu Feisty Fawn is no longer supported, so a SRU will not be issued for this release. Marking Feisty as Won't Fix.