Format: 1.8
Date: Wed, 25 May 2022 23:55:31 CEST
Source: puma
Binary: puma
Architecture: source
Version: 3.6.0-1+deb9u2
Distribution: stretch-security
Urgency: high
Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 puma - threaded HTTP 1.1 server for Ruby/Rack applications
Checksums-Sha1:
 03d0c8a5961e6c93ad9f5bc255242ff6ac6b4856 2168 puma_3.6.0-1+deb9u2.dsc
 39163657daadb8c56ca3c5fe6aa4318e713a8a68 7536 puma_3.6.0-1+deb9u2.debian.tar.xz
 19fd9fc81550e187342547e9a749971bff2be17e 7593 puma_3.6.0-1+deb9u2_amd64.buildinfo
Checksums-Sha256:
 d19fb89f54a4b28fd505b675959bbb6e34869ac9b40fde5558729afa843a7180 2168 puma_3.6.0-1+deb9u2.dsc
 fd84943a0f83f2fc99f392b980c1bb60b2f035260192b25eb74356cd1b3cc5dc 7536 puma_3.6.0-1+deb9u2.debian.tar.xz
 d56e81e9975b2e8fc1d0f6b0e2e76a47f72d46a96628bf2fb9ee0127678b1a28 7593 puma_3.6.0-1+deb9u2_amd64.buildinfo
Changes:
 puma (3.6.0-1+deb9u2) stretch-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2019-16770: client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack
   * Fix CVE-2020-5247: HTTP Response Splitting
   * Fix CVE-2022-23634: Puma did not always close the response body which could lead to information leakage.
Files:
 3d2c90ef209ea5198da7b2ba0a5315df 2168 ruby optional puma_3.6.0-1+deb9u2.dsc
 fb672f24ffe573fa251647e9d977296f 7536 ruby optional puma_3.6.0-1+deb9u2.debian.tar.xz
 443efa413dbc1f5242681a0fccffacdf 7593 ruby optional puma_3.6.0-1+deb9u2_amd64.buildinfo