Comment 1 for bug 425988

Fixed in Karmic:

 rails (2.2.3-1) unstable; urgency=high
 .
   * New upstream release (closes: #545063)
     + Fixes XSS security hole [CVE-2009-3009]
     + Fixes timing issue with cookie store [CVE-2009-3086]
   * Remove dependency on ruby-dbi, as it is not required by any of the
     sources.
   * Correct dependency on fixed libxml-simple-ruby to 1.0.11-2 or later
     (closes: #538982)
   * debian/control
     + Change section from web to ruby
     + Updated to debhelper 7.0+
     + Standards updated to 3.8.3 - no changes