Back to puma PTS page

Accepted puma 3.6.0-1+deb9u2 (source) into oldoldstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 25 May 2022 23:55:31 CEST
Source: puma
Binary: puma
Architecture: source
Version: 3.6.0-1+deb9u2
Distribution: stretch-security
Urgency: high
Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 puma       - threaded HTTP 1.1 server for Ruby/Rack applications
Checksums-Sha1:
 03d0c8a5961e6c93ad9f5bc255242ff6ac6b4856 2168 puma_3.6.0-1+deb9u2.dsc
 39163657daadb8c56ca3c5fe6aa4318e713a8a68 7536 puma_3.6.0-1+deb9u2.debian.tar.xz
 19fd9fc81550e187342547e9a749971bff2be17e 7593 puma_3.6.0-1+deb9u2_amd64.buildinfo
Checksums-Sha256:
 d19fb89f54a4b28fd505b675959bbb6e34869ac9b40fde5558729afa843a7180 2168 puma_3.6.0-1+deb9u2.dsc
 fd84943a0f83f2fc99f392b980c1bb60b2f035260192b25eb74356cd1b3cc5dc 7536 puma_3.6.0-1+deb9u2.debian.tar.xz
 d56e81e9975b2e8fc1d0f6b0e2e76a47f72d46a96628bf2fb9ee0127678b1a28 7593 puma_3.6.0-1+deb9u2_amd64.buildinfo
Changes:
 puma (3.6.0-1+deb9u2) stretch-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2019-16770: client could use keepalive requests to monopolize
     Puma's reactor and create a denial of service attack
   * Fix CVE-2020-5247: HTTP Response Splitting
   * Fix CVE-2022-23634: Puma did not always close the response body which could
     lead to information leakage.
Files:
 3d2c90ef209ea5198da7b2ba0a5315df 2168 ruby optional puma_3.6.0-1+deb9u2.dsc
 fb672f24ffe573fa251647e9d977296f 7536 ruby optional puma_3.6.0-1+deb9u2.debian.tar.xz
 443efa413dbc1f5242681a0fccffacdf 7593 ruby optional puma_3.6.0-1+deb9u2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmKOpd5fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkoM0P/iRFHPhtwuz5u0xJSLxOWFHklkINZwOBILmY
wcpAoWXWsTP7D1FXG5oODoKN+EzNgqS/ye3Nbr9gLBSjvKoN5zjXPcnJ3qdMi0G+
lrKU2G69FzU9JQP8blomN2tchHM0hmNWvNFDUlRuuAqdrqTnt0BT//Cm4hHG36Rl
NOBXRntLeBRjBTVVzpbkmeRWHlZe4pqxfGuHmfxc4NbhQyRjSKkX9RMIZyv4v1Sx
sOb6g0hmaB+t2L/OqI+cWhC7kOdIdZl7IYpXrOJ07GKtTD8nkKgvll0JavCTI4Ot
x/jTNdsdLUD6obsIqXI6UtC5NuimZVBuZeAnEqtCNyAGAsrrzFaQY80S+Ap3p6g6
S+1VCGZnPDstOY2UukVqKDubJUS83Jg1cpTpGElc7v0s/6s12dvuvvbBq4UdZ32w
CZCD+5L9ZvZRqnNdE5SoMhSOjGhO1E0y3U6yGaAy5/L6eOIYP3N/nM5DwzsBgrAS
EexICx4Crs258rHl3Qs5xzqDjwXaKf7ps8HX6P3PIqMmGvtcaUrFdrUY8P8CuOaq
SrkUOsp5Jgogi/WVKAF0uYz5uYam4nobjlUNm/XTXbou2gdsDmkVc4H05Sza6NEb
P9iRvAXr0JYzSltP/raIPxQD2zSIoKnhb09/UBAh12ETLIC8VjMSrWSy/C74k0Rf
F1GEDVm0
=WcJi
-----END PGP SIGNATURE-----