[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 3298-1] ruby-rack security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -----------------------------------------------------------------------
Debian LTS Advisory DLA-3298-1              debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Utkarsh Gupta
January 31, 2023                            https://wiki.debian.org/LTS
- -----------------------------------------------------------------------

Package        : ruby-rack
Version        : 2.0.6-3+deb10u2
CVE ID         : CVE-2020-8161 CVE-2020-8184 CVE-2022-44570
                 CVE-2022-44571 CVE-2022-44572
Debian Bug     : 963477 1029832

Several vulnerabilities, like directory traversal vulnerability,
ReDoS vulnerability, et al, were found in ruby-rack, a modular Ruby
webserver interface.

For Debian 10 buster, these problems have been fixed in version
2.0.6-3+deb10u2.

We recommend that you upgrade your ruby-rack packages.

For the detailed security status of ruby-rack please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ruby-rack

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmPYPHYACgkQgj6WdgbD
S5ZWNhAAnisOGZWXl/esKlk7ABi8RIKfFp+33tEAXuNFp7PlNL+qVz7hZb/707vo
ZdWiG2adsdA/7YH72zFCVyAaEHxKqpbf/6SRw5sBMnHcp5bUNlSrY99ZAt2lTQ9i
ZZAMhXPYqwWVRp9LuyfjIw4UviS2iFj5IjtjdonsBFgKdW0MZ2M0SQbTT+hjHl05
BDrmPdNXMI8i6AzJloNhZuolc1udC4bSkMw5triQ3fweyoAcF7hVbNlAOlrbHN92
5QljywKm/oq7apNkzq8jpV7V56XGMDpOHUGYpi+ynqh3yRW324B1SxHzH7ifrpCO
l8r8xb+HcYaaqMC//bkhLGWVudclYMxl9i3zlwUNTzYEbx13wZFkan5GDy3fJEQq
GjYRtoiYYt5A7WIZw0B1EuPjXDQYIT2gyrFJwkOELI0N0i9Mkrz8pb4qnttcekCy
BION9qSv6ks5iyDgnbAGir6QOj+2BpRtSdJ7Wit/CCXOg3b8nheFl1TCi8vIuv5c
7NCrTmpPp7Td58TZlwWh6DRJHmgK1DJAVy0XVx33rwL1qrcsZL3Lieo5GfMlBfNl
7TVeyt20DEncrrOrOO/19ulvOr0U4blrwbPyg28UaYhKf6x3W+xtTs/58HlfuHQA
/4beFEUW6IXt4dc4nj0zI6AEPzUyKxsGUlAmdEXx6hVWlz7iO2Q=
=yxEx
-----END PGP SIGNATURE-----


Reply to: