[DRE-maint] ruby-rack_2.2.22-0+deb12u1_source.changes ACCEPTED into oldstable-proposed-updates
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Fri Mar 27 00:48:26 GMT 2026
Thank you for your contribution to Debian.
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 05 Mar 2026 17:34:17 +0530
Source: ruby-rack
Built-For-Profiles: noudeb
Architecture: source
Version: 2.2.22-0+deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Debian Ruby Team <pkg-ruby-extras-maintainers at lists.alioth.debian.org>
Changed-By: Utkarsh Gupta <utkarsh at debian.org>
Closes: 1128479 1128480
Changes:
ruby-rack (2.2.22-0+deb12u1) bookworm-security; urgency=high
.
* New upstream version 2.2.22.
- CVE-2026-25500: XSS injection via malicious filename
in `Rack::Directory`. (Closes: #1128480)
- CVE-2026-22860: Directory traversal via root prefix
bypass in `Rack::Directory`. (Closes: #1128479)
Checksums-Sha1:
b9c837277ec92c478b9556556b6774c175bc134e 2404 ruby-rack_2.2.22-0+deb12u1.dsc
3d097549d3a0b547e75e0bead499b87ba2222979 287630 ruby-rack_2.2.22.orig.tar.gz
027ce8467a681308e641c5081509e1f0401c22c2 9856 ruby-rack_2.2.22-0+deb12u1.debian.tar.xz
7650c88402147f06aa595729b38a1c9fc555e4a3 15943 ruby-rack_2.2.22-0+deb12u1_source.buildinfo
Checksums-Sha256:
5b20b6a4d82b3c13b4d526eb661db33768fcdc16a0eb727e47fa2266bc0b0891 2404 ruby-rack_2.2.22-0+deb12u1.dsc
477526d532b066cca6457c39b380bb68dfbe0f9cbdb2e470b944c839d2016220 287630 ruby-rack_2.2.22.orig.tar.gz
b680e1ac4dbdae958877b968fe5e96e160f954d82723e57a2b86de5df200dd57 9856 ruby-rack_2.2.22-0+deb12u1.debian.tar.xz
d45e07964bb199b6bea1ac3391aa6cb6db7e76515dcc13293a45ef5f530dc177 15943 ruby-rack_2.2.22-0+deb12u1_source.buildinfo
Files:
263f525798eac244ce2ab39ce16cb543 2404 ruby optional ruby-rack_2.2.22-0+deb12u1.dsc
a9dd8c6f5c96dbc132cda7d100ff3bf0 287630 ruby optional ruby-rack_2.2.22.orig.tar.gz
51d4303ccd4ade9bf436d426c61b564e 9856 ruby optional ruby-rack_2.2.22-0+deb12u1.debian.tar.xz
7bc467290db55f6d93c57bce2fff49c6 15943 ruby optional ruby-rack_2.2.22-0+deb12u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJHBAEBCgAxFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmm9YUwTHHV0a2Fyc2hA
ZGViaWFuLm9yZwAKCRCCPpZ2BsNLlnhtEADYNj7+crs3C2NCpuegbBEX9MomMbyB
m2Qk7BZooLNdJ7qOwixqXCNGTO2gzWkoIUGVdxyjars+pDsd8Ra87902QlWSEHDu
LQ512t3KpjP0408J453SzUZfB8l8YfHEpdnHyAsC/HMs3pWs3vEYUlxmItkl8PIe
+gK0AEKrT3Oj+ir+dr3OMvzDWSvJhShO9taBOhW6/jU/aqIzoQTTjA14Rk70yd3U
TmH7bImnUk+3V4+dRP+P8hQ4BsDsFWRpycg6wQD0Vu4cwXhDt05gQmFZ/Dh7b/HC
WjJdKXBH6lQQjdu5SGc9fVhcOV7qOYsOObDPOFpKQANXCweSfvxJcbI7634wSra6
1eMOSJBabayH/uiYxr0c5MQxCsrgvUUU0HIiyurTdSMEsdh8hEB3zXDaSzgGMYuO
2Ua8cvc2IoF5usWEXhre2tlulL1hsxyeBO9FcLQjQYHEcyo2/KMc9MqEVM5XqIep
8ddE/xtI3Pw8qu0x4bq9CU7kAyWBK09ywmf4ws0aFNw13pkEdP4apWcC3yDFP74e
JpYyiqkZYbYycwfcKoNPQ9Nt9PtWoCzfBr1dyRoEoKpm0RLBqCy5yJkZKN6tESoN
otUPFlcYIE7x9I+lUDWec6iesEmJsCXekKVxVeu0bl56YDgisSEcA9UaahFC8QVQ
7bd6xFDVmbTpcA==
=ZKOM
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-ruby-extras-maintainers/attachments/20260327/f7c9c46c/attachment-0001.sig>
More information about the Pkg-ruby-extras-maintainers
mailing list