Accepted ruby-rack 2.1.4-3+deb11u1 (source) into oldstable-proposed-updates
- To: debian-changes@lists.debian.org
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Sat, 28 Oct 2023 20:34:22 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: ruby-rack_2.1.4-3+deb11u1_source.changes
- Debian-source: ruby-rack
- Debian-suite: oldstable-proposed-updates
- Debian-version: 2.1.4-3+deb11u1
- Mail-followup-to: debian-devel@lists.debian.org
- Message-id: <E1qwq0k-000zqO-JR@fasolo.debian.org>
- Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 08 Jun 2023 03:22:23 +0530
Source: ruby-rack
Architecture: source
Version: 2.1.4-3+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Ruby Team <pkg-ruby-extras-maintainers@lists.alioth.debian.org>
Changed-By: Utkarsh Gupta <utkarsh@ubuntu.com>
Closes: 1029832 1032803 1033264
Changes:
ruby-rack (2.1.4-3+deb11u1) bullseye-security; urgency=high
.
* Add patch to restrict broken mime parsing.
(Fixes: CVE-2022-30122)
* Add patch to escape untrusted text when logging.
(Fixes: CVE-2022-30123)
* Add patch to fix ReDoS in Rack::Utils.get_byte_ranges.
(Fixes: CVE-2022-44570) (Closes: #1029832)
* Add patch to fix ReDoS vulnerability in multipart parser.
(Fixes: CVE-2022-44571) (Closes: #1029832)
* Add patch to forbid control characters in attributes.
(Fixes: CVE-2022-44572) (Closes: #1029832)
* Add patch to limit all multipart parts, not just files.
(Fixes: CVE-2023-27530) (Closes: #1032803)
* Add patch to avoid ReDoS problem.
(Fixes: CVE-2023-27539) (Closes: #1033264)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----