Format: 1.8
Date: Thu, 08 Jun 2023 03:22:23 +0530
Source: ruby-rack
Architecture: source
Version: 2.1.4-3+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Ruby Team <pkg-ruby-extras-maintainers@lists.alioth.debian.org>
Changed-By: Utkarsh Gupta <utkarsh@ubuntu.com>
Closes: 1029832 1032803 1033264
Changes:
 ruby-rack (2.1.4-3+deb11u1) bullseye-security; urgency=high
 .
   * Add patch to restrict broken mime parsing.
     (Fixes: CVE-2022-30122)
   * Add patch to escape untrusted text when logging.
     (Fixes: CVE-2022-30123)
   * Add patch to fix ReDoS in Rack::Utils.get_byte_ranges.
     (Fixes: CVE-2022-44570) (Closes: #1029832)
   * Add patch to fix ReDoS vulnerability in multipart parser.
     (Fixes: CVE-2022-44571) (Closes: #1029832)
   * Add patch to forbid control characters in attributes.
     (Fixes: CVE-2022-44572) (Closes: #1029832)
   * Add patch to limit all multipart parts, not just files.
     (Fixes: CVE-2023-27530) (Closes: #1032803)
   * Add patch to avoid ReDoS problem.
     (Fixes: CVE-2023-27539) (Closes: #1033264)