Aaron Neyer discovered that missing input sanitising in the logging component of Ruby Actionmailer could result in denial of service through a malformed e-mail message.

For the stable distribution (wheezy), this problem has been fixed in version 3.2.6-2+deb7u1. ruby-activesupport-3.2 was updated in a related change to version 3.2.6-6+deb7u1. For the unstable distribution (sid), this problem has been fixed in version 3.2.16-3+0 of the rails-3.2 source package. We recommend that you upgrade your ruby-actionmailer-3.2 packages.

Action Mailer is a framework for working with email on Rails. Compose, deliver, receive, and test emails using the familiar controller/view pattern. First-class support for multipart email and attachments.

ruby-actionmailer-3.2 on Debian Linux

This check tests the installed software version using the apt package manager.

• http://www.debian.org/security/2014/dsa-2887.html

---

Updated on 2015-03-25