Format: 1.8
Date: Fri, 10 Jul 2020 16:48:01 +0530
Source: ruby-rack
Binary: ruby-rack
Architecture: source all
Version: 1.6.4-4+deb9u2
Distribution: stretch-security
Urgency: high
Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>
Changed-By: Utkarsh Gupta <utkarsh@debian.org>
Description:
 ruby-rack - modular Ruby webserver interface
Closes: 963477
Changes:
 ruby-rack (1.6.4-4+deb9u2) stretch-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Add patch to use Dir.entries instead of Dir[glob] to prevent
     user-specified glob metacharacters. (Fixes: CVE-2020-8161)
   * When parsing cookies, only decode the values. Patch utils to fix
     cookie parsing. (Fixes: CVE-2020-8184) (Closes: #963477)