Format: 1.8
Date: Wed, 22 Oct 2025 08:52:58 +0100
Source: ruby-rack
Built-For-Profiles: noudeb
Architecture: source
Version: 3.1.18-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Ruby Team <pkg-ruby-extras-maintainers@lists.alioth.debian.org>
Changed-By: Utkarsh Gupta <utkarsh@debian.org>
Closes: 1117627 1117628 1117855 1117856
Changes:
 ruby-rack (3.1.18-1) unstable; urgency=medium
 .
   * New upstream version 3.1.18.
     - CVE-2025-61772: Multipart parser buffers unbounded per-part
       headers, enabling DoS (memory exhaustion).
     - CVE-2025-61771: Multipart parser buffers large non‑file fields
       entirely in memory, enabling DoS (memory exhaustion).
     - CVE-2025-61770: Unbounded multipart preamble buffering enables
       DoS (memory exhaustion).
     - CVE-2025-61780 Improper handling of headers in Rack::Sendfile
       may allow proxy bypass.
     - CVE-2025-61919 Unbounded read in Rack::Request form parsing can
       lead to memory exhaustion.
     - Closes: #1117855, #1117856, #1117627, #1117628