Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <dispatch@tracker.debian.org> , <debian-lts-changes@lists.debian.org>
Subject: Accepted ruby-rack 2.1.4-3+deb11u3 (source) into oldstable-security
Date: Mon, 24 Mar 2025 21:30:21 +0000
Signed by: Adrian Bunk <bunk@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 22 Mar 2025 13:33:04 +0200
Source: ruby-rack
Architecture: source
Version: 2.1.4-3+deb11u3
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian Ruby Team <pkg-ruby-extras-maintainers@lists.alioth.debian.org>
Changed-By: Adrian Bunk <bunk@debian.org>
Changes:
 ruby-rack (2.1.4-3+deb11u3) bullseye-security; urgency=medium
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2025-25184: Log Injection in Rack::CommonLogger
   * CVE-2025-27111: Log Injection in Rack::Sendfile
   * CVE-2025-27610: Local file inclusion in Rack::Static
   * Fix FTBFS with current ruby2.7
Checksums-Sha1:
 a4f605e3a6e6fcd7195a710282e3fcc4535ef76c 2345 ruby-rack_2.1.4-3+deb11u3.dsc
 fb78585706dacc2ec7997b7c1af7d6320acd33c3 251772 ruby-rack_2.1.4.orig.tar.gz
 684fdec00943591119fa7aa04e56010f37ade11f 18436 ruby-rack_2.1.4-3+deb11u3.debian.tar.xz
Checksums-Sha256:
 705f6475ab034cd62aac651f2f203da56bb4d3584ea12c7262198c92bef49598 2345 ruby-rack_2.1.4-3+deb11u3.dsc
 f0b67c0a585d34a135c1434ac2d0bdbb9611726afafc005d9da91a451b1a7855 251772 ruby-rack_2.1.4.orig.tar.gz
 194e9910196f434a0ac8f4f50a82c34a0d1f1433916f2e88fb107da5e0b28399 18436 ruby-rack_2.1.4-3+deb11u3.debian.tar.xz
Files:
 0f710bdaf6589463d8788ce7e0757a41 2345 ruby optional ruby-rack_2.1.4-3+deb11u3.dsc
 92633b2d98f6caa2fdaebcd0b15eb42d 251772 ruby optional ruby-rack_2.1.4.orig.tar.gz
 4ac17b326203c8d4409a237c358b1d6d 18436 ruby optional ruby-rack_2.1.4-3+deb11u3.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmfhy6gACgkQiNJCh6LY
mLH6Sw//XEhmwMis5UpszsPdwWGf/dlQRmOOukygIJ2BHHotpTV1awVjWDr+jLO3
CuA8SzsJ0Q+hwS0TSy+SjspMf9fG8scZeG8TG6f7Qoyxfu2qAAgIWPugPWscbiXn
oeVCJB4Nel3dBS9nRM5eNnc6i+Soh+amZhyY1qxyKwHo0xihVCw7Pst7FdM4N4Ze
pzEuJV6gOMa1sC/SVmA9nOJhguBtsWLbgPv7MYZqnkzPtq6jtFSlrn37ml9LAKSL
bxkTm9fgSajhBKYrshKtDWI4EtOMDpW2kZ8mGOfcZ5T/Z4vhIfvvgev4aUD2WUda
VGXTPyr2RpQ0kVdp7mZMW2oqtjRzcSzjv3LJyYpz8IBQAt59h8Xs5aDvEVuIPM/q
IKnZnveykR6Dxx4plTsViDYrAdHm+whPt63f2E6gzmdCOs4mYRnNfCT94gkYmKlJ
YI0SZWWOO9xy5I8Tresr6g+PBFVCPc5p+8LhaB9+oaf0Zp5/VC9c5Uk02JeVQvZX
73cMEdHtSkGuHdwt497iaXQhCOVU2BeK2tsi+0oWq7EuR9NMD0L85zrBWmpIA4Fd
gIaVAOTUpY3FGM+H39SNzZrJq784yHXCHAYzWoJm3ej3If+YpCXPolP6NrDCxYmX
fx2ZDkGpPufOtxfrzf0j5NnHSuEgrpFzT4EnKumAsXYccoD5Jb8=
=UyWl
-----END PGP SIGNATURE-----

News for package ruby-rack