[SECURITY] [DLA 2389-1] ruby-rack-cors security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- -----------------------------------------------------------------------
Debian LTS Advisory DLA-2389-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Utkarsh Gupta
October 01, 2020 https://wiki.debian.org/LTS
- -----------------------------------------------------------------------
Package : ruby-rack-cors
Version : 0.4.0-1+deb9u2
CVE ID : CVE-2019-18978
Debian Bug : 944849
This package allowed ../ directory traversal to access private
resources because resource matching did not ensure that
pathnames were in a canonical format.
For Debian 9 stretch, this problem has been fixed in version
0.4.0-1+deb9u2.
We recommend that you upgrade your ruby-rack-cors packages.
For the detailed security status of ruby-rack-cors please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ruby-rack-cors
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAl91yNkACgkQgj6WdgbD
S5YjpA//SG8OZ3YwH0G1rWF94AhYmAvF7zyh3b0GOH+QJVIzL4VaMrEPVfxJizDu
XjyY7pv1a7gmV5yuo8VBD5VartNRtqyaS2/M4/HjSWtKEGlNkCcWKgJ/R15X934y
/GO88t76fDiibk/FlUGfWSHM/X/zen/0fB4kDnTIN6oM87vXpTIkapdheCEGabKv
TEut0suGIXpoEbLQ/B8R3l9lbq0h0rwq3O2JvuFbhIDxrCQ8uidGXkHm3ZpHE3b3
j84dXRBWivS/8QXjRe01Mgk2WuAh+h78RClWR3z6+TVTOtYriXeA8CV3ck6eVfIT
tqINLmn86ov3nXE6YovWT1BLDG0KNQ+WRk2D41iQehKOuZBw2HgDzGuiOqPUqfiU
XQkUDSeZ4ZBP37QWg1eGd6JJlTdQRp0qVKF3AfTnWRYiBI0ZzDoJkq8BiNmIHjIg
dNO0bN2C0wm4ORgIvVt6L60foTYCn2KqgBeDWmWA7ErZqauARW/SK182usDZTHrb
gUVKogEVr1WsTQd4Af4YvK2CSlsZqsqU3KAzaAFI2K/jBtW/M7vyfWfnVF/2av4J
CjOYi7nUif/oCOkQ4kPW6k6H1QhrzDgeE55s2p1LkDqlbHvGKiPM5OQtDwAyuAyR
qAn3NM2ZQW6spEP4P6xegY6nYxoPByhAaNUim99hHvsdLeRrLgA=
=zohz
-----END PGP SIGNATURE-----
Reply to: