[SECURITY] [DLA 3166-1] ruby-sinatra security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3166-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                        Utkarsh Gupta
October 28, 2022                              https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : ruby-sinatra
Version        : 2.0.5-4+deb10u1
CVE ID         : CVE-2022-29970
Debian Bug     : 1014717

A file traversal vulnerability was discovered in src:ruby-sinatra, a
popular web server often used with Ruby on Rails. We now validate that
any expanded paths match the allowed `public_dir` when serving static
files.
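
The check described above, sketched as an added example; this is not code from the advisory or from Sinatra itself. The helper names `unchecked_static`, `checked_static` and `demo`, and the temporary directory layout, are assumptions made for illustration.

```ruby
require 'uri'
require 'tmpdir'
require 'fileutils'

# Before: the request path is appended to public_dir and served if it exists.
def unchecked_static(public_dir, request_path)
  path = File.join(public_dir, URI.decode_www_form_component(request_path))
  File.file?(path) ? path : nil
end

# After: expand the path and require it to stay under public_dir.
def checked_static(public_dir, request_path)
  root = File.expand_path(public_dir)
  decoded = URI.decode_www_form_component(request_path)
  return nil if decoded.include?("\0")
  candidate = File.expand_path(File.join(root, decoded))
  # The trailing separator keeps a sibling such as "public_old" from
  # passing as a child of "public".
  return nil unless candidate.start_with?(root + File::SEPARATOR)
  # expand_path is lexical only; it does not follow symlinks.
  File.file?(candidate) ? candidate : nil
rescue ArgumentError # malformed %-encoding
  nil
end

# Constructed fixture: a public dir, a file above it, and a sibling dir.
def demo
  Dir.mktmpdir do |tmp|
    pub = File.join(tmp, 'public')
    FileUtils.mkdir_p(File.join(pub, 'css'))
    FileUtils.mkdir_p(File.join(tmp, 'public_old'))
    File.write(File.join(pub, 'css', 'site.css'), 'body{}')
    File.write(File.join(tmp, 'app.rb'), '# constructed')
    File.write(File.join(tmp, 'public_old', 'a.txt'), 'old')
    requests = ['/css/site.css', '/../app.rb', '/%2e%2e/app.rb',
                '/../public_old/a.txt', '/%zz']
    requests.to_h do |r|
      before = begin
        !unchecked_static(pub, r).nil?
      rescue ArgumentError
        false
      end
      [r, { before: before, after: !checked_static(pub, r).nil? }]
    end
  end
end

demo.each { |req, res| puts format('%-24s %s', req, res) } if $PROGRAM_NAME == __FILE__
```

Each row shows whether a request is served before and after the expanded-path check; only `/css/site.css` should be served by `checked_static`.
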

For Debian 10 buster, this problem has been fixed in version
2.0.5-4+deb10u1.

We recommend that you upgrade your ruby-sinatra packages.

For the detailed security status of ruby-sinatra please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ruby-sinatra

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS