Format: 1.8
Date: Tue, 03 Mar 2026 18:15:24 +0530
Source: ruby-rack
Built-For-Profiles: noudeb
Architecture: source
Version: 3.2.5-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Ruby Team <pkg-ruby-extras-maintainers@lists.alioth.debian.org>
Changed-By: Utkarsh Gupta <utkarsh@debian.org>
Closes: 1128479 1128480
Changes:
 ruby-rack (3.2.5-1) unstable; urgency=medium
 .
   * New upstream version 3.2.5.
     - CVE-2026-25500: XSS injection via malicious filename in `Rack::Directory`. (Closes: #1128480)
     - CVE-2026-22860: Directory traversal via root prefix bypass in `Rack::Directory`. (Closes: #1128479)
Files:
 2356 ruby optional ruby-rack_3.2.5-1.dsc
 4372803 ruby optional ruby-rack_3.2.5.orig.tar.gz
 7952 ruby optional ruby-rack_3.2.5-1.debian.tar.xz
 15781 ruby optional ruby-rack_3.2.5-1_source.buildinfo