[Git][security-tracker-team/security-tracker][master] Add two more CVEs for ruby-rack

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Apr 2 22:39:13 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cd589dab by Salvatore Bonaccorso at 2026-04-02T23:38:24+02:00
Add two more CVEs for ruby-rack

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -234,7 +234,12 @@ CVE-2026-34785 (Rack is a modular Ruby web server interface. Prior to versions 2
 	NOTE: Fixed by: https://github.com/rack/rack/commit/a17cb99b3440a4db09fb920407adf5ead127704c (v3.1.21)
 	NOTE: Fixed by: https://github.com/rack/rack/commit/203730e4abb2fac3a0514d6dc3ac56de82bdff9a (v2.2.23)
 CVE-2026-34763 (Rack is a modular Ruby web server interface. Prior to versions 2.2.23, ...)
-	TODO: check
+	[experimental] - ruby-rack 3.2.6-1
+	- ruby-rack <unfixed>
+	NOTE: https://github.com/rack/rack/security/advisories/GHSA-7mqq-6cf9-v2qp
+	NOTE: Fixed by: https://github.com/rack/rack/commit/459ea1f5a58455409e377d60eeb3432ff3100e15 (v3.2.6)
+	NOTE: Fixed by: https://github.com/rack/rack/commit/29b17c58e55539b5b9c1afd0d86266e54150193f (v3.1.21)
+	NOTE: Fixed by: https://github.com/rack/rack/commit/7796548b545601accdfe8f4079088bd44d0a3495 (v2.2.23)
 CVE-2026-34759 (OneUptime is an open-source monitoring and observability platform. Pri ...)
 	TODO: check
 CVE-2026-34758 (OneUptime is an open-source monitoring and observability platform. Pri ...)
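Review bot: The `- ruby-rack <unfixed>` line added for CVE-2026-34763 carries no bug reference, so nothing in the entry links the open unstable status to a report that would track the fixing upload. If a Debian bug has been filed, append it on that line in the `(bug #NNNNNN)` form (placeholder number, not a real bug id). The three `Fixed by:` notes already name the upstream commits for v3.2.6, v3.1.21 and v2.2.23, so the backport targets themselves are clear.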
@@ -300,7 +305,12 @@ CVE-2026-34426 (OpenClaw versions prior to commit b57b680contain an approval byp
 CVE-2026-34425 (OpenClaw versions prior to commit 8aceaf5 contain a preflight validati ...)
 	NOT-FOR-US: OpenClaw
 CVE-2026-34230 (Rack is a modular Ruby web server interface. Prior to versions 2.2.23, ...)
-	TODO: check
+	[experimental] - ruby-rack 3.2.6-1
+	- ruby-rack <unfixed>
+	NOTE: https://github.com/rack/rack/security/advisories/GHSA-v569-hp3g-36wr
+	NOTE: Fixed by: https://github.com/rack/rack/commit/8bf0c2eb5936eb79207f3a0be63196e7726bcb0a (v3.2.6)
+	NOTE: Fixed by: https://github.com/rack/rack/commit/55db26e7f43d3d45e1476f02ada75e0503abc2f1 (v3.1.21)
+	NOTE: Fixed by: https://github.com/rack/rack/commit/8d6a0e1088a6e00259bd525506a9c4b1b69f675b (v2.2.23)
 CVE-2026-34124 (A denial-of-service vulnerability was identified in TP-Link Tapo C520W ...)
 	NOT-FOR-US: TPLink
 CVE-2026-34122 (A stack-based buffer overflow vulnerability was identified in TP-Link  ...)
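Review bot: The three `Fixed by:` hashes under CVE-2026-34230 deserve a cross-check against GHSA-v569-hp3g-36wr, because this block has the same shape as the CVE-2026-34763 block in the previous hunk and differs only in the advisory ID and the commit hashes, which makes a transposed hash easy to miss. Confirm that the commits listed for v3.2.6, v3.1.21 and v2.2.23 here are the ones linked from this advisory and not from GHSA-7mqq-6cf9-v2qp.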



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd589dab4921daabab811327567973f1f706cb59
