[DRE-maint] Bug#1029715: passenger: Warns for two security vulnerability with upstream fixes
Herwin Weststrate
herwin.weststrate at tesorion.nl
Thu Jan 26 15:32:39 GMT 2023
Package: passenger
Version: 6.0.13+ds-1+b2
Severity: normal
Tags: upstream
Dear Maintainer,
When starting, the Apache logs show an available update with two security issues fixed:
[ E 2023-01-26 16:19:00.9642 2682647/T6 age/Cor/SecurityUpdateChecker.h:521 ]: A security update is available for your version (6.0.13) of Phusion Passenger(R). We strongly recommend upgrading to version 6.0.17.
[ E 2023-01-26 16:19:00.9644 2682647/T6 age/Cor/SecurityUpdateChecker.h:526 ]: Additional security update check information:
- [Fixed in 6.0.14] [CVE-2018-25032] zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
- [Fixed in 6.0.14] A use after free memory safety issue was introduced in 6.0.12, and fixed in 6.0.14.
It would be nice if it was still possible to update the version of Passenger to at least 6.0.14.
-- System Information:
Debian Release: bookworm/sid
APT prefers testing
APT policy: (500, 'testing')
merged-usr: no
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-22-amd64 (SMP w/2 CPU threads)
Locale: LANG=C.UTF-8, LC_CTYPE=nl_NL.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages passenger depends on:
ii libc6 2.36-8
ii libcurl4 7.87.0-2
ii libev4 1:4.33-1
ii libgcc-s1 12.2.0-14
ii libruby 1:3.1
ii libruby3.1 3.1.2-4
ii libssl3 3.0.7-2
ii libstdc++6 12.2.0-14
ii libuv1 1.44.2-1
ii ruby 1:3.1
ii ruby-rack 2.2.4-2
passenger recommends no packages.
Versions of packages passenger suggests:
ii nodejs 18.13.0+dfsg1-1
ii python3 3.10.6-3+b1
pn rails <none>
-- no debconf information