Debian Package Tracker

A new upstream version is available: 4.3.1 high

A new upstream version 4.3.1 is available, you should consider packaging it.

Created: 2019-03-20 Last update: 2020-02-29 08:04

2 security issues in buster high

There are 2 open security issues in buster.

1 important issue:

CVE-2020-5247:

1 issue skipped by the security teams:

CVE-2019-16770: In Puma before versions 3.12.2 and 4.3.1, a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. If more keepalive connections to Puma are opened than there are threads available, additional connections will wait permanently if the attacker sends requests frequently enough. This vulnerability is patched in Puma 4.3.1 and 3.12.2.

Please fix them.

Created: 2019-12-07 Last update: 2020-02-28 23:31

2 security issues in stretch high

There are 2 open security issues in stretch.

1 important issue:

CVE-2020-5247:

1 issue skipped by the security teams:

CVE-2019-16770: In Puma before versions 3.12.2 and 4.3.1, a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. If more keepalive connections to Puma are opened than there are threads available, additional connections will wait permanently if the attacker sends requests frequently enough. This vulnerability is patched in Puma 4.3.1 and 3.12.2.

Please fix them.

Created: 2019-12-07 Last update: 2020-02-28 23:31

1 security issue in bullseye high

There is 1 open security issue in bullseye.

1 important issue:

CVE-2020-5247:

Please fix it.

Created: 2020-02-28 Last update: 2020-02-28 23:31

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2020-5247:

Please fix it.

Created: 2020-02-28 Last update: 2020-02-28 23:31

The VCS repository is not up to date, push the missing commits. high

vcswatch reports that the current version of the package is not in its VCS.
Either you need to push your commits and/or your tags, or the information about the package's VCS are out of date. A common cause of the latter issue when using the Git VCS is not specifying the correct branch when the packaging is not in the default one (remote HEAD branch), which is usually "master" but can be modified in salsa.debian.org in the project's general settings with the "Default Branch" field). Alternatively the Vcs-Git field in debian/control can contain a "-b <branch-name>" suffix to indicate what branch is used for the Debian packaging.

Created: 2020-02-06 Last update: 2020-02-28 11:04

puma

threaded HTTP 1.1 server for Ruby/Rack applications