
   linux.debian.changes      Debian changes... like the weather      791 messages   


   Message 475 of 791   
   Debian FTP Masters to All   
   Accepted ruby-rack 2.2.20-0+deb12u1 (sou   
   14 Nov 25 17:10:01   
   
   From: ftpmaster@ftp-master.debian.org   
      
   -----BEGIN PGP SIGNED MESSAGE-----   
   Hash: SHA512   
      
   Format: 1.8   
   Date: Thu, 23 Oct 2025 09:54:27 +0100   
   Source: ruby-rack   
   Built-For-Profiles: noudeb   
   Architecture: source   
   Version: 2.2.20-0+deb12u1   
   Distribution: bookworm-security   
   Urgency: medium   
   Maintainer: Debian Ruby Team    
   Changed-By: Utkarsh Gupta    
   Closes: 1104927 1116431 1117627 1117628 1117855 1117856   
   Changes:   
    ruby-rack (2.2.20-0+deb12u1) bookworm-security; urgency=medium   
    .   
      * New upstream version 2.2.20.   
        - CVE-2025-32441: Rack session can be restored after deletion.   
        - CVE-2025-46727: Unbounded parameter parsing in Rack::QueryParser   
          can lead to memory exhaustion.   
        - CVE-2025-59830: Unbounded parameter parsing in Rack::QueryParser   
          can lead to memory exhaustion via semicolon-separated parameters.   
        - CVE-2025-61770: Unbounded multipart preamble buffering enables DoS   
          (memory exhaustion).   
        - CVE-2025-61771: Multipart parser buffers large non‑file fields   
          entirely in memory, enabling DoS (memory exhaustion).   
        - CVE-2025-61772: Multipart parser buffers unbounded per-part headers,   
          enabling DoS (memory exhaustion).   
        - CVE-2025-61919 Unbounded read in Rack::Request form parsing can lead   
          to memory exhaustion.   
        - CVE-2025-61780 Improper handling of headers in Rack::Sendfile may   
          allow proxy bypass.   
        - Closes: #1104927, #1116431, #1117855, #1117856, #1117627, #1117628   
      
   -----BEGIN PGP SIGNATURE-----   
      
   -----END PGP SIGNATURE-----   
      
      



(c) 1994,  bbs@darkrealms.ca