[DRE-maint] ruby-rack_3.1.18-1~deb13u1_source.changes ACCEPTED into proposed-updates

Debian FTP Masters ftpmaster at ftp-master.debian.org
Wed Nov 5 21:32:21 GMT 2025


Thank you for your contribution to Debian.



Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 22 Oct 2025 08:52:58 +0100
Source: ruby-rack
Built-For-Profiles: noudeb
Architecture: source
Version: 3.1.18-1~deb13u1
Distribution: trixie-security
Urgency: medium
Maintainer: Debian Ruby Team <pkg-ruby-extras-maintainers at lists.alioth.debian.org>
Changed-By: Utkarsh Gupta <utkarsh at debian.org>
Closes: 1117627 1117628 1117855 1117856
Changes:
 ruby-rack (3.1.18-1~deb13u1) trixie-security; urgency=medium
 .
   * New upstream version 3.1.18.
     - CVE-2025-61772: Multipart parser buffers unbounded per-part headers,
       enabling DoS (memory exhaustion).
     - CVE-2025-61771: Multipart parser buffers large non-file fields
       entirely in memory, enabling DoS (memory exhaustion).
     - CVE-2025-61770: Unbounded multipart preamble buffering enables DoS
       (memory exhaustion).
     - CVE-2025-61780: Improper handling of headers in Rack::Sendfile may
       allow proxy bypass.
     - CVE-2025-61919: Unbounded read in Rack::Request form parsing can lead
       to memory exhaustion.
     - Closes: #1117855, #1117856, #1117627, #1117628
