
[SECURITY] [DLA 3166-1] ruby-sinatra security update



-----------------------------------------------------------------------
Debian LTS Advisory DLA-3166-1              debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Utkarsh Gupta
October 28, 2022                            https://wiki.debian.org/LTS
-----------------------------------------------------------------------

Package        : ruby-sinatra
Version        : 2.0.5-4+deb10u1
CVE ID         : CVE-2022-29970
Debian Bug     : 1014717

A file traversal vulnerability was discovered in src:ruby-sinatra, a
popular web server often used with Ruby on Rails. We now validate that
any expanded paths match the allowed `public_dir` when serving static
files.

For Debian 10 buster, this problem has been fixed in version
2.0.5-4+deb10u1.

We recommend that you upgrade your ruby-sinatra packages.

For the detailed security status of ruby-sinatra please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ruby-sinatra

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
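The check the advisory describes (expanded paths must match the allowed `public_dir`), as an added Ruby example that is not Sinatra's or Debian's code: a naive static-file resolver beside one that expands the path and requires it to stay under `public_dir`. The helper names, the directory layout and the request paths are constructed for illustration.

```ruby
require 'fileutils'
require 'tmpdir'
require 'uri'

# Hypothetical helpers for illustration; these are not Sinatra's API.

# Naive resolver: joins the decoded request path onto public_dir and only
# checks that the result is a file, so ".." segments are left to the OS.
def resolve_naive(public_dir, request_path)
  path = File.join(public_dir, URI.decode_www_form_component(request_path))
  File.file?(path) ? path : nil
end

# Checked resolver: expand the joined path first, then require that it still
# lies under the expanded public_dir. The trailing separator keeps a sibling
# such as "public_backup" from passing a bare prefix match on "public".
# File.expand_path is lexical only; it does not resolve symlinks.
def resolve_checked(public_dir, request_path)
  root = File.expand_path(public_dir)
  path = File.expand_path(File.join(root, URI.decode_www_form_component(request_path)))
  return nil unless path.start_with?(root + File::SEPARATOR)
  File.file?(path) ? path : nil
end

# Builds a constructed directory tree and returns
# { request_path => [served_by_naive, served_by_checked] }.
def demo
  Dir.mktmpdir do |base|
    public_dir = File.join(base, 'public')
    FileUtils.mkdir_p(public_dir)
    FileUtils.mkdir_p(File.join(base, 'public_backup'))
    File.write(File.join(public_dir, 'app.css'), 'body{}')
    File.write(File.join(base, 'settings.yml'), 'constructed: true')
    File.write(File.join(base, 'public_backup', 'old.css'), 'body{}')
    requests = ['/app.css', '/missing.css', '/../settings.yml',
                '/%2e%2e/settings.yml', '/../public_backup/old.css']
    requests.to_h do |req|
      [req, [!resolve_naive(public_dir, req).nil?, !resolve_checked(public_dir, req).nil?]]
    end
  end
end

demo.each { |req, (naive, checked)| puts format('%-28s naive=%-5s checked=%s', req, naive, checked) }
```

Only `/app.css` is served by the checked resolver; the naive one also serves the three requests that resolve outside `public_dir`.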

