
[SECURITY] [DLA 1585-1] ruby-rack security update




Package        : ruby-rack
Version        : 1.5.2-3+deb8u2
CVE ID         : CVE-2018-16471
Debian Bug     : #913005

It was discovered that there was an XSS vulnerability in the ruby-rack
web-server library.

A malicious request could impact the HTTP/HTTPS scheme being returned
to the underlying application.

For Debian 8 "Jessie", this issue has been fixed in ruby-rack version
1.5.2-3+deb8u2.

We recommend that you upgrade your ruby-rack packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-


