[Git][security-tracker-team/security-tracker][master] ruby-rack fixed in sid

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
24d1b9b0 by Moritz Muehlenhoff at 2022-07-01T11:20:40+02:00
ruby-rack fixed in sid

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -12780,13 +12780,13 @@ CVE-2022-30124
 	RESERVED
 CVE-2022-30123 [Possible shell escape sequence injection vulnerability in Rack]
 	RESERVED
-	- ruby-rack <unfixed>
+	- ruby-rack 2.2.4-1
 	NOTE: https://groups.google.com/g/ruby-security-ann/c/LWB10kWzag8
 	NOTE: https://github.com/advisories/GHSA-wq4h-7r42-5hrr
 	NOTE: https://github.com/rack/rack/commit/b426cc224908ec6ed6eb8729325392b048215d88 (main)
 CVE-2022-30122 [Denial of Service Vulnerability in Rack Multipart Parsing]
 	RESERVED
-	- ruby-rack <unfixed>
+	- ruby-rack 2.2.4-1
 	NOTE: https://groups.google.com/g/ruby-security-ann/c/L2Axto442qk
 	NOTE: https://github.com/advisories/GHSA-hxqx-xwvh-44m2
 CVE-2022-30121


=====================================
data/dsa-needed.txt
=====================================
@@ -51,6 +51,8 @@ puma/oldstable
 rpki-client/stable
   new 7.6 release required libretls, which isn't in Bullseye
 --
+ruby-rack
+--
 salt
 --
 slurm-llnl/oldstable



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/24d1b9b0de4bb76987387ca60e56a5ded200e160

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/24d1b9b0de4bb76987387ca60e56a5ded200e160
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220701/79aa0e5f/attachment-0001.htm>