[DRE-maint] ruby-rack_2.2.20-0+deb12u1_source.changes ACCEPTED into oldstable-proposed-updates->oldstable-new
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Mon Nov 3 22:06:22 GMT 2025
Thank you for your contribution to Debian.
Mapping oldstable-security to oldstable-proposed-updates.
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 23 Oct 2025 09:54:27 +0100
Source: ruby-rack
Built-For-Profiles: noudeb
Architecture: source
Version: 2.2.20-0+deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: Debian Ruby Team <pkg-ruby-extras-maintainers at lists.alioth.debian.org>
Changed-By: Utkarsh Gupta <utkarsh at debian.org>
Closes: 1104927 1116431 1117627 1117628 1117855 1117856
Changes:
 ruby-rack (2.2.20-0+deb12u1) bookworm-security; urgency=medium
 .
   * New upstream version 2.2.20.
     - CVE-2025-32441: Rack session can be restored after deletion.
     - CVE-2025-46727: Unbounded parameter parsing in Rack::QueryParser
       can lead to memory exhaustion.
     - CVE-2025-59830: Unbounded parameter parsing in Rack::QueryParser
       can lead to memory exhaustion via semicolon-separated parameters.
     - CVE-2025-61770: Unbounded multipart preamble buffering enables DoS
       (memory exhaustion).
     - CVE-2025-61771: Multipart parser buffers large non-file fields
       entirely in memory, enabling DoS (memory exhaustion).
     - CVE-2025-61772: Multipart parser buffers unbounded per-part headers,
       enabling DoS (memory exhaustion).
     - CVE-2025-61919: Unbounded read in Rack::Request form parsing can lead
       to memory exhaustion.
     - CVE-2025-61780: Improper handling of headers in Rack::Sendfile may
       allow proxy bypass.
     - Closes: #1104927, #1116431, #1117855, #1117856, #1117627, #1117628