[DRE-maint] ruby-rack_3.1.20-0+deb13u1_source.changes ACCEPTED into proposed-updates->stable-new
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Thu Mar 26 21:51:41 GMT 2026
Thank you for your contribution to Debian.
Mapping stable-security to proposed-updates.
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 10 Mar 2026 09:44:22 +0530
Source: ruby-rack
Built-For-Profiles: noudeb
Architecture: source
Version: 3.1.20-0+deb13u1
Distribution: trixie-security
Urgency: high
Maintainer: Debian Ruby Team <pkg-ruby-extras-maintainers at lists.alioth.debian.org>
Changed-By: Utkarsh Gupta <utkarsh at debian.org>
Closes: 1128479 1128480
Changes:
ruby-rack (3.1.20-0+deb13u1) trixie-security; urgency=high
.
* New upstream version 3.1.20.
- CVE-2026-25500: XSS injection via malicious filename
in `Rack::Directory`. (Closes: #1128480)
- CVE-2026-22860: Directory traversal via root prefix
bypass in `Rack::Directory`. (Closes: #1128479)
Checksums-Sha1:
865b1adf6fb692d66d9c7e05c8032ef9b3842c4e 2392 ruby-rack_3.1.20-0+deb13u1.dsc
65bee2af59b08e4188e98ce097b4931dc4d17619 798434 ruby-rack_3.1.20.orig.tar.gz
7b6745c0db822442890bfeb98732bfebcbb3a4e4 7900 ruby-rack_3.1.20-0+deb13u1.debian.tar.xz
743c494144207c66b711998d15ea5186bbcf7d12 15907 ruby-rack_3.1.20-0+deb13u1_source.buildinfo
Checksums-Sha256:
53d522076e02b0c7ef741926ca1ac0588ee5b4a8e8a3e9fb30d136d84ac0d775 2392 ruby-rack_3.1.20-0+deb13u1.dsc
6980815e884ba550b5d59a2feaa0a0d283813ae0a695bf35dde4a6242d418805 798434 ruby-rack_3.1.20.orig.tar.gz
c841a32c7f15b891047f507f5174994441201a8e1cbc14290623092babb49a27 7900 ruby-rack_3.1.20-0+deb13u1.debian.tar.xz
7b17e77969fbbf1b0221ec9eb5855e9e1fafb52f670581036e7ca72250a3b2fc 15907 ruby-rack_3.1.20-0+deb13u1_source.buildinfo
Files:
133f081b163f10ad7676715dadef92c4 2392 ruby optional ruby-rack_3.1.20-0+deb13u1.dsc
c8f9aff604cefa4d204480294b03a3b6 798434 ruby optional ruby-rack_3.1.20.orig.tar.gz
377df216437a733dca0a793f08a81099 7900 ruby optional ruby-rack_3.1.20-0+deb13u1.debian.tar.xz
4226b3c780cb8b429c6d5cca23bbfe6d 15907 ruby optional ruby-rack_3.1.20-0+deb13u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJHBAEBCgAxFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmnDDagTHHV0a2Fyc2hA
ZGViaWFuLm9yZwAKCRCCPpZ2BsNLlt8LEAClnufXzYXRh8vDEW1PfUA2BsKTx1fp
dT4JJI+ukspwc1bJyiA4URMvJqaG2V4LIyhizftNaENNvq4emSV72Y3dQiL35vBb
YpF2+7qnHkrqyUAu+6HsFWIPnIX2vdNKZxw6Estu4mGLNKhrM6ZI97OeuUWir1NC
G/4i4bllc+n1Sf0o2NU5Bm0n2aXG5ZSWhNGsozuiMlScue86ZSSls8aK4KoqkUHA
Rl6Ae0WWp9aUIFGjzPCcY4cz8aV/xME4o2JczFYhMSllH0lcTKgEdMi4w3KP+ivX
yhHxblaMGsbO3s6BtdPT80qYgqblbeX6S6QN+MhreEEjr6sQ3eSHcTF5bHwcPHCG
Yt0N8OS5vosC0lYqTMJkJqIcu8/cxw6Ug5++CCDTO7+d9LaxKwlwVgdPq7zBHMbi
BboJC6bpUB34IB7CXt7gvaG/zFjUle3U2F1E9zCpkd98XR7swH1lpXKum77vpoF2
apns8RHsSc62jBbS5OOnvuHlFRX6J5tPCiqt0ZlVyhhSHVyniBq3X8kCYpmSwyxQ
gKoaGKb0XQrw4CbF8b6PfUruiNKx3zJNM3iwHNWAJYv+IWt47LOQVni4EU+fU5o6
xvYCXWc2k9784/pGNUQcM/UmDyfjrfs3rgARvirlrTorFnGcpf8+DLJgAcp7q5iR
RpUTxrYGbC+VHQ==
=fTuB
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-ruby-extras-maintainers/attachments/20260326/ccb40724/attachment.sig>
More information about the Pkg-ruby-extras-maintainers
mailing list