[DRE-maint] ruby-rack_3.2.5-1_source.changes ACCEPTED into unstable
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Tue Mar 10 03:33:31 GMT 2026
Thank you for your contribution to Debian.
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 03 Mar 2026 18:15:24 +0530
Source: ruby-rack
Built-For-Profiles: noudeb
Architecture: source
Version: 3.2.5-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Ruby Team <pkg-ruby-extras-maintainers at lists.alioth.debian.org>
Changed-By: Utkarsh Gupta <utkarsh at debian.org>
Closes: 1128479 1128480
Changes:
ruby-rack (3.2.5-1) unstable; urgency=medium
.
* New upstream version 3.2.5.
- CVE-2026-25500: XSS injection via malicious filename
in `Rack::Directory`. (Closes: #1128480)
- CVE-2026-22860: Directory traversal via root prefix
bypass in `Rack::Directory`. (Closes: #1128479)
Checksums-Sha1:
ee51b180be708d93e56a08da39c05cbec7de403f 2356 ruby-rack_3.2.5-1.dsc
576b33a732cae34ca6e6b9902cee742cefebb28e 4372803 ruby-rack_3.2.5.orig.tar.gz
1533a6c3fb9894f38af23cca95f693cd0323675b 7952 ruby-rack_3.2.5-1.debian.tar.xz
ba65f7ffd84770060bfade1423a344ae655922c8 15781 ruby-rack_3.2.5-1_source.buildinfo
Checksums-Sha256:
0e260b829a7a3ef402d68ac87fa49ae27beb9a9aee9685276c4f6fa473c2588a 2356 ruby-rack_3.2.5-1.dsc
4e62da1345d3cfce783d245a8a8e269b16a083e46c9c9a6cc0ee974b0d1dfe04 4372803 ruby-rack_3.2.5.orig.tar.gz
7c9d6f540e086b4fa663ae4cf88de5e2393c7cd4d008ceade2931f58d15d37c5 7952 ruby-rack_3.2.5-1.debian.tar.xz
e083743364122512c10f3a3bddc5bf175cfbea85294d2aeefdc56385b9e78a0d 15781 ruby-rack_3.2.5-1_source.buildinfo
Files:
08c3076b69fa3ace17c317b5bb6304fd 2356 ruby optional ruby-rack_3.2.5-1.dsc
437461d9e2f4bd4980a7bab40f0be177 4372803 ruby optional ruby-rack_3.2.5.orig.tar.gz
a59e1764587cd354c8925dcec1838c5b 7952 ruby optional ruby-rack_3.2.5-1.debian.tar.xz
c7ac4095ec512499d9c6c993c4cd6852 15781 ruby optional ruby-rack_3.2.5-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJHBAEBCgAxFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmmvi2sTHHV0a2Fyc2hA
ZGViaWFuLm9yZwAKCRCCPpZ2BsNLlvFdEACY00KCVlM09U3HiV+IZcKVosHV1xKT
QuyacSHI4XQDrlaiqHIDNPu21RhD3I0rqWtreRLV6vkYDIFQDFP/M1yrnm36FZLm
BlV8LRM/RJ9peNgvJdkLVqsFPuuTMgsb4L1AljELVwuSF/52zgwWBjhZirPml1O0
zLOfFXdThkbk6J1cSM9GZWm/fQ9VIuP7FQeNXNsGP+ab8d/3E9a5PphB+EoeSdhV
/iD6Ss5CTuFw2u/YxdOYKujjHxCtuIbNeJ7WUlAqe3+p0DDZSZaNAw6hQN3FS1y0
Lh+yPsWBdl83L5m7XsThLS4bKtzl2W/3+KE9F5WH0PC2hcz0Clu7N6xLnaklDuxH
XXfe/wuV5y+JQZqDZn2aGp/ZvorhPg0MU2yosI90qH2LnSVWghqhsRu/IRpufU0g
DHMPU5ep4DSS/pi0+6IkDSYpJoGzdw/IbMhLWeFjmkvqVMgfmA5mzGFaF2fyTonZ
fi+XkgdrMYOQ4+HLKQpra+Yw/N4Q5LA0GgPcE1F/guZnisDVVPzxd8cJa7IXDr4q
6jCgurxgwbwDdE3qmHWMIIYDUBDPxHuvgintUL1rPuAZ7ytXHXxmKD4XkZ3hAUyo
dV5smPu3DvV+sn6z9UK+WGWWpyPB4JfSQzXeBr48Off4nPa7JByb3qhpyTn2gdvi
s4QI3BJDg6sd3Q==
=HF6l
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-ruby-extras-maintainers/attachments/20260310/7f4b8f43/attachment.sig>
More information about the Pkg-ruby-extras-maintainers
mailing list