-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 15 Oct 2020 23:39:36 +0200
Source: puma
Architecture: source
Version: 3.12.0-2+deb10u2
Distribution: buster
Urgency: medium
Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>
Changed-By: Daniel Leidert <dleidert@debian.org>
Closes: 952766 953122 972102
Changes:
 puma (3.12.0-2+deb10u2) buster; urgency=medium
 .
   * Team upload.
   * d/patches/0009-disable-tests-failing-in-single-cpu.patch: Add author and
     bug tracker information.
   * d/patches/CVE-2020-5247.patch: Add patch to fix CVE-2020-5247.
     - Fix header value could inject their own HTTP response
       (closes: #952766).
   * d/patches/CVE-2020-5249.patch: Add patch to fix CVE-2020-5249.
     - Fix splitting newlines in headers and another vector for HTTP
       injection (closes: #953122).
   * d/patches/CVE-2020-11076.patch: Add patch to fix CVE-2020-11076.
     - Better handle client input to fix HTTP Smuggling via Transfer-Encoding
       header (closes: #972102).
   * d/patches/CVE-2020-11077.patch: Add patch to fix CVE-2020-11077.
     - Reduce ambiguity of headers to fix HTTP Smuggling via Transfer-Encoding
       header (closes: #972102).
   * d/patches/series: Enable new patches.