[DRE-maint] ruby-rack_3.1.18-1_source.changes ACCEPTED into unstable

Debian FTP Masters ftpmaster at ftp-master.debian.org
Thu Oct 30 10:25:03 GMT 2025


Thank you for your contribution to Debian.



Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 22 Oct 2025 08:52:58 +0100
Source: ruby-rack
Built-For-Profiles: noudeb
Architecture: source
Version: 3.1.18-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Ruby Team <pkg-ruby-extras-maintainers at lists.alioth.debian.org>
Changed-By: Utkarsh Gupta <utkarsh at debian.org>
Closes: 1117627 1117628 1117855 1117856
Changes:
 ruby-rack (3.1.18-1) unstable; urgency=medium
 .
   * New upstream version 3.1.18.
     - CVE-2025-61772: Multipart parser buffers unbounded per-part headers,
       enabling DoS (memory exhaustion).
     - CVE-2025-61771: Multipart parser buffers large non‑file fields
       entirely in memory, enabling DoS (memory exhaustion).
     - CVE-2025-61770: Unbounded multipart preamble buffering enables DoS
       (memory exhaustion).
     - CVE-2025-61780 Improper handling of headers in Rack::Sendfile may
       allow proxy bypass.
     - CVE-2025-61919 Unbounded read in Rack::Request form parsing can lead
       to memory exhaustion.
     - Closes: #1117855, #1117856, #1117627, #1117628
Checksums-Sha1:
 144757b745f5523c1ed22675aa405b8e8548300a 2360 ruby-rack_3.1.18-1.dsc
 f358e5c6c93492298cada4c1da6d7db167d161ab 796966 ruby-rack_3.1.18.orig.tar.gz
 4b5ad32873c25eb7bf8cdff7bb3df07aa5ca28dd 7800 ruby-rack_3.1.18-1.debian.tar.xz
 ae15d64c21c0683034d8b5937e8098182e3c46a1 15766 ruby-rack_3.1.18-1_source.buildinfo
Checksums-Sha256:
 7ce053b4c003bfcd15e4246ad65dea5e52a90f4cafeb0883243dc0be48475adb 2360 ruby-rack_3.1.18-1.dsc
 7d6d19dd11565706cd4eb0d3952ac0e54b21d0e197c68d4093ec56ebe860ff80 796966 ruby-rack_3.1.18.orig.tar.gz
 572dd51e33f01697bba01f9f55d1482fabd8a821c20415a5d2ceb8fef3f208c2 7800 ruby-rack_3.1.18-1.debian.tar.xz
 872a4bed3a9856a0163a386ec0dff4badfd40a371c7d4154ee65551ef109db42 15766 ruby-rack_3.1.18-1_source.buildinfo
Files:
 686b96316b060a331f15a7af19bcbb99 2360 ruby optional ruby-rack_3.1.18-1.dsc
 19b3825059eeb5f37aeba510663be6cd 796966 ruby optional ruby-rack_3.1.18.orig.tar.gz
 01449210c27ec843cce5540172234da4 7800 ruby optional ruby-rack_3.1.18-1.debian.tar.xz
 1ea96aa4dc670f5afe0459c417327e4e 15766 ruby optional ruby-rack_3.1.18-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----
