-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 29 Jul 2015 17:12:00 +0900 Source: ruby-rack Binary: ruby-rack Architecture: source all Version: 1.5.2-3+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org> Changed-By: Youhei SASAKI <uwabami@gfd-dennou.org> Description: ruby-rack - Modular Ruby webserver interface Closes: 789311 Changes: ruby-rack (1.5.2-3+deb8u1) jessie-security; urgency=high . * Create cherry-picked patch for Security Fix (Closes: #789311). - CVE-2015-3225: 0001-Fix-Params_Depth.patch Default depth at which the parameter parser will raise an exception for being too deep, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth. * Add 0002-Add-missing-require-to-response.rb.patch. Add missing require of rack/body_proxy in response.rb Checksums-Sha1: d6a1aa9178d58cf588ec3250c4b7dc03f624ffa0 2201 ruby-rack_1.5.2-3+deb8u1.dsc e679e7a3f09007e836f465d70971216fdb4ec7cd 218461 ruby-rack_1.5.2.orig.tar.gz d02386b87622eaf4c8aae7b64dfef0fd16c01874 7212 ruby-rack_1.5.2-3+deb8u1.debian.tar.xz 2f4dc5fa7afd0904d6c87d1f601634879c4200be 83690 ruby-rack_1.5.2-3+deb8u1_all.deb Checksums-Sha256: d9daf5e1a4220437b7a5d3bb00a3fa26edc789083add3eb75f84b6476ce9c6d4 2201 ruby-rack_1.5.2-3+deb8u1.dsc fd4fbd6545f9105baf62b6ea413b62d4724567c608b14de0a3a64568f81cc774 218461 ruby-rack_1.5.2.orig.tar.gz 56b5a29247dd9748a632187bb75c7279fdec81e27f660f45c8699688e973b977 7212 ruby-rack_1.5.2-3+deb8u1.debian.tar.xz 45412e16bc265ff50aff86ee7c4c8ee941fbe228173c075ab1e2de182a0941c1 83690 ruby-rack_1.5.2-3+deb8u1_all.deb Files: fed9e8384647d7133f831adef223cd6e 2201 ruby optional ruby-rack_1.5.2-3+deb8u1.dsc 84f6d82d041470c5c338ea06d7a01012 218461 ruby optional ruby-rack_1.5.2.orig.tar.gz 1da39eb245aef6045ea76697a2f89125 7212 ruby optional ruby-rack_1.5.2-3+deb8u1.debian.tar.xz 326091972d46a7f591fc72459be4fe0e 83690 ruby optional ruby-rack_1.5.2-3+deb8u1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJVumL3AAoJEAVMuPMTQ89ENlEP/35gb64DvcwIao36DSNpnW/T oJu4g+W8poJFWY3BcJYjV+XE/YYmf4feG405LIXfPx1zgvUGZqQ73Udj8flkYGiy H9gT/h/7dG8RM2/hzYn/LY2N3FLqRmnbvHTKgUqZs8WiRg2x0y1fz/QKjGXTFhsN ibTq/LlMcsVSwFmsNzfDWsAwdKgvIP4D5ZbU2dqctH0PnjWjnsTM9CQ0WLLFRys8 F0IHzs4BA8+cJ0e1cLe1kuEZIU4nEvjmwGsbb9dEwo+ueCkYPFz+FuPBLwU8tJ+t mkTw1ze+AbYeneXQBQdKUhmxUH8z+nHUaOE/IWM4CN03LEl4t3BeZadPFR0WDXsa 9bmwXHw/0lu0i0cbohH26yY396IWmxPqHK3w99985aNpFyKgD4lBzi2nCpAcPkVt ivY3vKp99BmUsIycdwbJuLzjkoXoQHmx51dHGKxZ/1T8e61Bi+j57dngOlcOThGO X49yqckq1yflN2Cak8q94OKqyqoVufuEfNs8kuicb7VVpnykcPVG9Un4afcNdZ8L OCw5QMByqNb3lg+GYVn2+m44606bMUlxXmOCn+T1am9jp3Mmz1iWEbPUQhUZCiZi +yss18ibZ52w54/8rNIsVcAY2Sht5Rzdn15qFUwdMw08ie75SuIE6koPtTG9C67k BsMs7KDxkqiS+aVwr0VU =NnV0 -----END PGP SIGNATURE-----