
[SECURITY] [DLA 2096-1] ruby-rack-cors security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : ruby-rack-cors
Version        : 0.2.9-1+deb8u1
CVE ID         : CVE-2019-18978

This package allowed ../ directory traversal to access private resources
because resource matching did not ensure that pathnames were in a canonical
format.

For Debian 8 "Jessie", this problem has been fixed in version
0.2.9-1+deb8u1.

We recommend that you upgrade your ruby-rack-cors packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
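
The flaw described above, modelled as an added example (not code from ruby-rack-cors or from the advisory): a path-based CORS policy gives a different answer for the raw request path than for its canonical form. The policy ALLOWED, the sample paths and all function names are hypothetical, and the sketch assumes the application behind the middleware resolves "../" before serving the resource.

```ruby
# Simplified model of path-based CORS resource matching (not rack-cors source).
# ALLOWED is a constructed policy: only /public/* may be read cross-origin.
ALLOWED = ['/public/*'].freeze

# Turn a glob such as "/public/*" into an anchored regular expression.
def compile(glob)
  Regexp.new('\A' + Regexp.escape(glob).gsub('\*', '.*') + '\z')
end

# Percent-decode once, then resolve "." and ".." segments.
# ".." at the root is dropped, so the result never climbs above "/".
def canonical(path)
  decoded = path.gsub(/%([0-9a-fA-F]{2})/) { Regexp.last_match(1).hex.chr }
  stack = []
  decoded.split('/').each do |seg|
    case seg
    when '', '.' then next
    when '..'    then stack.pop
    else stack << seg
    end
  end
  out = '/' + stack.join('/')
  out += '/' if decoded.end_with?('/') && !stack.empty?
  out
end

# Matching as the advisory describes it before the fix: raw path, no canonical form.
def cors_allowed_raw?(path)
  ALLOWED.any? { |glob| compile(glob).match?(path) }
end

# Hardened: canonicalise first, so the decision is about the resource actually served.
def cors_allowed_canonical?(path)
  cors_allowed_raw?(canonical(path))
end

# Constructed sample request paths.
SAMPLES = ['/public/logo.png',
           '/public/../private/report',
           '/public/%2e%2e/private/report'].freeze

SAMPLES.each do |p|
  puts format('%-32s raw=%-5s canonical=%-5s -> %s',
              p, cors_allowed_raw?(p), cors_allowed_canonical?(p), canonical(p))
end
```

Any request path whose raw and canonical verdicts differ is one the policy would have mis-classified; the same comparison works as a regression test after upgrading.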

