[Git][security-tracker-team/security-tracker][master] Reserve DLA-4090-1 for ruby-rack

Mon Mar 24 21:54:57 GMT 2025


Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker


Commits:
03cfa7f4 by Adrian Bunk at 2025-03-24T23:54:44+02:00
Reserve DLA-4090-1 for ruby-rack

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -5096,7 +5096,6 @@ CVE-2025-27150 (Tuleap is an Open Source Suite to improve management of software
 	NOT-FOR-US: Tuleap
 CVE-2025-27111 (Rack is a modular Ruby web server interface. The Rack::Sendfile middle ...)
 	- ruby-rack 3.1.12-1 (bug #1099546)
-	[bullseye] - ruby-rack <postponed> (Minor issue, log injection)
 	NOTE: https://github.com/rack/rack/security/advisories/GHSA-8cgq-6mh2-7j6v
 	NOTE: Fixed by: https://github.com/rack/rack/commit/b13bc6bfc7506aca3478dc5ac1c2ec6fc53f82a3 (v2.2.12)
 	NOTE: Fixed by: https://github.com/rack/rack/commit/803aa221e8302719715e224f4476e438f2531a53 (v3.0.13)
@@ -13409,7 +13408,6 @@ CVE-2025-25198 (mailcow: dockerized is an open source groupware/email suite base
 	NOT-FOR-US: mailcow
 CVE-2025-25184 (Rack provides an interface for developing web applications in Ruby. Pr ...)
 	- ruby-rack 3.1.12-1 (bug #1098257)
-	[bullseye] - ruby-rack <postponed> (Minor issue)
 	NOTE: https://github.com/rack/rack/security/advisories/GHSA-7g2v-jj9q-g3rg
 	NOTE: https://github.com/rack/rack/commit/074ae244430cda05c27ca91cda699709cfb3ad8e (main)
 	NOTE: https://github.com/rack/rack/commit/4aa19786a0aad7ff2ca66eeaede4a257cc7b0726 (v3.1.10)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[24 Mar 2025] DLA-4090-1 ruby-rack - security update
+	{CVE-2025-25184 CVE-2025-27111 CVE-2025-27610}
+	[bullseye] - ruby-rack 2.1.4-3+deb11u3
 [24 Mar 2025] DLA-4089-1 libxslt - security update
 	{CVE-2024-55549 CVE-2025-24855}
 	[bullseye] - libxslt 1.1.34-4+deb11u2


=====================================
data/dla-needed.txt
=====================================
@@ -249,11 +249,6 @@ rails
   NOTE: 20250305: Utkarsh uploaded the CVE fixes to unstable via rails/7.2.2.1. (utkarsh)
   NOTE: 20250323: rails DSA has been released. (utkarsh)
 --
-ruby-rack (Adrian Bunk)
-  NOTE: 20250321: Added by Front-Desk (pochu)
-  NOTE: 20250321: also look at postponed issues (pochu)
-  NOTE: 20250323: ruby-rack DSA has been prepared and uploaded. (utkarsh)
---
 ruby-saml
   NOTE: 20250314: Added by Front-Desk (lamby)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/03cfa7f45d519779b1e89529560881c157d5e776

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/03cfa7f45d519779b1e89529560881c157d5e776
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250324/45beb1a2/attachment-0001.htm>
