[DRE-maint] Bug#789311: ruby-rack: CVE-2015-3225: Potential Denial of Service Vulnerability in Rack normalize_params()
Youhei SASAKI
uwabami at gfd-dennou.org
Wed Jul 29 08:30:34 UTC 2015
Dear Debian Security Team
I've created patches in order to fix CVE-2015-3225 for wheezy and jessie.
#789311 (CVE-2015-3225)
Please consider updating the stable versions of ruby-rack with the attached
debdiffs to close these CVE issues.
# BTW, due to an unreported FTBFS issue with ruby-rack in jessie, we
# can't build the package without "DH_RUBY_IGNORE_TESTS=all"...
Best Wishes,
Youhei
On Sat, 20 Jun 2015 02:38:32 +0900,
Salvatore Bonaccorso <carnil at debian.org> wrote:
>
> Source: ruby-rack
> Version: 1.4.1-1
> Severity: important
> Tags: security patch upstream fixed-upstream
>
> Hi,
>
> the following vulnerability was published for ruby-rack.
>
> CVE-2015-3225[0]:
> Potential Denial of Service Vulnerability in Rack normalize_params()
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2015-3225
>
> Regards,
> Salvatore
---
Youhei SASAKI <uwabami at gfd-dennou.org>
<uwabami at debian.or.jp>
GPG fingerprint:
4096/RSA: 66A4 EA70 4FE2 4055 8D6A C2E6 9394 F354 891D 7E07
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ruby-rack_wheezy.debdiff
Type: application/octet-stream
Size: 4498 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-ruby-extras-maintainers/attachments/20150729/74d3f12b/attachment-0002.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ruby-rack_jessie.debdiff
Type: application/octet-stream
Size: 4461 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-ruby-extras-maintainers/attachments/20150729/74d3f12b/attachment-0003.obj>
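The debdiffs above were scrubbed from the archive, so nothing on this page shows what CVE-2015-3225 actually looks like in code. As an added example (not Rack's code, not the maintainer's patch, and not Rack::Utils.normalize_params itself), the Ruby below is a simplified nested-parameter normalizer for Rack-style bracket keys ("user[roles][]=admin") with the recursion depth bounded. Upstream's fix for this CVE took the same approach, a parameter depth limit around the recursion; the module name, method names, the limit value and the sample inputs here are illustrative assumptions. The limit counts key segments, so a limit of 100 admits up to 99 nested brackets.

```ruby
require 'cgi'

# Added example (not Rack's code, not the scrubbed debdiff): a minimal
# Rack-style nested-parameter normalizer with the recursion depth bounded.
# Module, method names and the limit value are illustrative assumptions.
module NestedParams
  DEPTH_LIMIT = 100 # assumed default; callers may pass a stricter one

  # Split a bracket-notation key into its path:
  #   "a[b][c]" -> ["a", "b", "c"]     "list[]" -> ["list", ""]
  # An empty segment means "append to array" and is only accepted last.
  # Returns nil for keys that do not fit this grammar.
  def self.key_path(name)
    m = name.match(/\A([^\[\]]+)((?:\[[^\[\]]*\])*)\z/)
    return nil unless m
    segments = [m[1]] + m[2].scan(/\[([^\[\]]*)\]/).flatten
    return nil if segments[0..-2].include?("")
    segments
  end

  # Merge value into params along path, one recursive call per segment.
  # The vulnerable shape is this same recursion with no depth argument:
  # every "[x]" the client appends to a key costs one more Ruby stack
  # frame, so a single long key ends in SystemStackError and the request
  # (or the whole worker, depending on the server) dies. Bounding the
  # depth turns that into a RangeError the application can map to a 400.
  def self.normalize(params, path, value, depth = DEPTH_LIMIT)
    raise RangeError, "parameter nesting too deep" if depth <= 0
    key, *rest = path
    if rest.empty?
      params[key] = value
    elsif rest == [""]
      params[key] ||= []
      raise TypeError, "expected Array for param '#{key}'" unless params[key].is_a?(Array)
      params[key] << value
    else
      params[key] ||= {}
      raise TypeError, "expected Hash for param '#{key}'" unless params[key].is_a?(Hash)
      normalize(params[key], rest, value, depth - 1)
    end
    params
  end

  # Parse an application/x-www-form-urlencoded query string into nested
  # Hash/Array structures; keys outside the grammar are dropped.
  def self.parse(query, depth = DEPTH_LIMIT)
    query.split('&').each_with_object({}) do |pair, params|
      k, v = pair.split('=', 2).map { |s| CGI.unescape(s) }
      path = key_path(k.to_s)
      next if path.nil?
      normalize(params, path, v, depth)
    end
  end

  # The kind of key an attacker would send: one name nested `levels`
  # brackets deep (constructed input, not a captured request).
  def self.hostile_key(levels)
    "a" + "[a]" * levels
  end
end

if __FILE__ == $0
  p NestedParams.parse("user[name]=bob&user[roles][]=admin&user[roles][]=ops")
  begin
    NestedParams.parse(NestedParams.hostile_key(100) + "=1")
  rescue RangeError => e
    puts "rejected: #{e.message}"
  end
end
```

The check has to sit in the recursion itself, not in a wrapper that inspects the first level only, because the cost is paid one stack frame at a time on the way down. The same pattern applies to any parser that recurses over attacker-controlled nesting (JSON bodies, XML, multipart names): cap the depth before the first recursive call, and treat the resulting exception as a client error rather than letting it reach the server's generic handler.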