Accepted ruby-rack 2.0.6-3+deb10u3 (source) into oldstable
- To: debian-lts-changes@lists.debian.org, dispatch@tracker.debian.org
- Subject: Accepted ruby-rack 2.0.6-3+deb10u3 (source) into oldstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Tue, 18 Apr 2023 14:10:19 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: ruby-rack_2.0.6-3+deb10u3_source.changes
- Debian-source: ruby-rack
- Debian-suite: oldstable
- Debian-version: 2.0.6-3+deb10u3
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.seger; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=abcNrq3W47h5tplqjyWOB15Y3ZJApsM8xPn+mHR29q0=; b=O90oxAwAVG53XPScjDiMKj491A +mJacaGX2UTapBYDbQeHhWxApTdfxurM39e43O0uMMCG0xTUhnU8ZEA7/QEv/z+jaYEDikmNWGQDr lCDHQWS/BkLin/DFSxawHwrQ+tlSlIQHUjHXz5Mlld8kzxyaYVNziYIgQRLaTnundLPaj79GdWLB/ /zVbxG0wjIUv3cSuuRb46CaN0pjar1lVxRdv0UxU2C4wt05Kc0zx9QikUIr0H/uCnnZ8ivY9Dq7bJ RpJARF8CPYfyrbKsMuvocecMqdc+b3jZMOpBxNblWRhhK6BOzrxLbnYrouklMmBfZLVxGvXeQmECS T6mWw7rA==;
- Mail-followup-to: debian-lts@lists.debian.org
- Message-id: <E1pom2F-00B3f6-Ls@seger.debian.org>
- Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 28 Mar 2023 07:01:58 -0700
Source: ruby-rack
Architecture: source
Version: 2.0.6-3+deb10u3
Distribution: buster-security
Urgency: high
Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>
Changed-By: Scarlett Moore <sgmoore@debian.org>
Changes:
ruby-rack (2.0.6-3+deb10u3) buster-security; urgency=high
.
[ Scarlett Moore ]
* Non-maintainer upload by the LTS team.
* Add patch to limit all multipart parts, not just files.
(Fixes: CVE-2023-27530)
* Add patch to split headers on commas, then strip the strings in
order to avoid ReDoS issues.
(Fixes:CVE-2023-27539)
.
[ Utkarsh Gupta ]
* Supervise the upload.
* Refresh patches, fix d/ch, and fix patch headers.
Checksums-Sha1:
8a09d3243a5d18d767ad61295bf2e946dd3ab09d 2250 ruby-rack_2.0.6-3+deb10u3.dsc
bef6a13d81a8000634ea30dae30cb906d7a71f91 253423 ruby-rack_2.0.6.orig.tar.gz
42ea0a58e8cf6a87875d8d0eaaab2ff33d66dd89 12856 ruby-rack_2.0.6-3+deb10u3.debian.tar.xz
316fe340334c22ed860a81a5e0d4a24e0477d4a6 14179 ruby-rack_2.0.6-3+deb10u3_source.buildinfo
Checksums-Sha256:
67a7b8e1445bfcac5ba885573eaefcfeffcb12a29da27dbbf306952a700b98ec 2250 ruby-rack_2.0.6-3+deb10u3.dsc
62c3a92e98a61fcb5423ff7f46726a17e48930c4ccc817daaaa93e9038922c5a 253423 ruby-rack_2.0.6.orig.tar.gz
0b7391d5143d68c9a4a640f76d8112a82f472378398e21ce581c03ea4f3a96c5 12856 ruby-rack_2.0.6-3+deb10u3.debian.tar.xz
2820a92e0c1ddb9f97286a108348c4ea83ab5c093f35db3938aa11f55eb4e72e 14179 ruby-rack_2.0.6-3+deb10u3_source.buildinfo
Files:
d207677ac96282cb44d09982334fa267 2250 ruby optional ruby-rack_2.0.6-3+deb10u3.dsc
a089f87b15056562ce44645965ddbc97 253423 ruby optional ruby-rack_2.0.6.orig.tar.gz
9fc55eee252cb0d0bf70d6654def73d2 12856 ruby optional ruby-rack_2.0.6-3+deb10u3.debian.tar.xz
0aff1d06bdcb3bb5d783ddda40273785 14179 ruby optional ruby-rack_2.0.6-3+deb10u3_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmQ+ogkACgkQgj6WdgbD
S5bVOhAAqNwxfvm3rhy2hmp7Eq4Pd083E7jzN22Xw8QnHCiz3uZc8KxUolVh1r1g
M8d207ugIwvMRxciQ0X7BD47QvHVxPzMz6EfCmydP/W3vr3EWY8dn1sBNmS0Mr9+
hORLy8g/1R2P/Wsrgtj5RXAhLluuniCTvYuPch2BcsONTOy7oV9J9qbGR1yZg02o
+m767jiX1AF2cYjrsSwRzwDyXhaAdCPRvoBVRDzhGqhl7zGirYlX1o4We2lmPNbF
IXR3EwVC/qG70wJwY0gNOO8aVr0j2kThPtpE/pmw8vRmhlcrWmNKzXQ5xpAs7WJt
Zmp6L9+iQ8LuHCRS++hoPqbio/yo2u7qpsn7OzZ28HQ0qNeihVZ4FiKtomdj4zmG
PNY/tdlx7oPvoF7LnLvq329kYP2MVOhY85xFfDZ04eFTwop31IQ7epQBQZlKPoDf
hFGjDBU+w9mcFQHn1iKI0xxPv/5DzcnentY5XGpLGVoDLSZAFE39dlzsn1DKhM83
QSq1FhejE7ahgVLFjagqlTS/C9/2jj2hGHua98mmj/6vEXcUnyu7mPZks9wqy6RF
AiKWKsH6Lie71l1Ru5fbWIPTkE3Y5jbgroUsDMHMw/JPbRuWi+Wb1eBPOxJsZYdp
vJ2Qggk3otqtCtgdwET+kc9Y0p5fJIwHC6/2reln4l4OdAnhnaY=
=VwpT
-----END PGP SIGNATURE-----