[Git][security-tracker-team/security-tracker][master] Add CVE-2025-32441/ruby-rack

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0fd7777d by Salvatore Bonaccorso at 2025-05-08T12:36:30+02:00
Add CVE-2025-32441/ruby-rack

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -41,7 +41,11 @@ CVE-2025-35995 (When a BIG-IP PEM system is licensed with URL categorization, an
 CVE-2025-35939 (Craft CMS stores arbitrary content provided by unauthenticated users i ...)
 	NOT-FOR-US: Craft CMS
 CVE-2025-32441 (Rack is a modular Ruby web server interface. Prior to version 2.2.14,  ...)
-	TODO: check
+	- ruby-rack 3.0.8-2
+	NOTE: https://github.com/rack/rack/security/advisories/GHSA-vpfw-47h7-xj4g
+	NOTE: Fixed by: https://github.com/rack/rack/commit/c48e52f7c57e99e1e1bf54c8760d4f082cd1c89d (2.2.14)
+	NOTE: Related code was moved to rack-session in 3.0.0.beta1 and thus mark 3.0.8-2 as the first
+	NOTE: version in unstable addressing the issue. The ruby-rack-session issue has a own CVE (CVE-2025-46336)
 CVE-2025-31644 (When running in Appliance mode, a command injection vulnerability exis ...)
 	NOT-FOR-US: F5
 CVE-2025-0936 (On affected platforms running Arista EOS with a gNMI transport enabled ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0fd7777db178c5644ddffd7d8f536156745957a5

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0fd7777db178c5644ddffd7d8f536156745957a5
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250508/4c7cd821/attachment.htm>