[SECURITY] [DLA 3392-1] ruby-rack security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3392-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Scarlett Moore
April 17, 2023 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : ruby-rack
Version : 2.0.6-3+deb10u3
CVE ID : CVE-2023-27530 CVE-2023-27539
Debian Bug :
Two ruby-rack issues have been addressed:
CVE-2023-27530
Description: Limit all multipart parts, not just files.
CVE-2023-27539
Description: Split headers on commas, then strip the strings in
order to avoid ReDoS issues.
For Debian 10 buster, these problems have been fixed in version
2.0.6-3+deb10u3.
We recommend that you upgrade your ruby-rack packages.
For the detailed security status of ruby-rack please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ruby-rack
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEfDWSDxziiZ6OqarQLnwDZ7m/oIkFAmQ9WCYACgkQLnwDZ7m/
oIm2Pw/+OToHQVUspTDxc+6FSsklOQoE44jou9X1wKj90SrEtEg+5S+qLxl2hsg6
JbG3izyf3+JbgEMFpLMHx/h/trBXG0E2FF1VAEfept2nzKp0v1xHmJRdx3EnwMvn
YwZLH9ZDEhBlpqfog/7Z7c76wC2BIJNxSSf8299pNQVu3L8iENTu98rmHwn05ZW+
qQXB5hKJTn68i/f+1uh/TDOeIIWpLm1IliuhFwWo0vo0rCXsLW7aBtDTptnAOi4s
kvmuG/zAZ4tdTr6lEKW1q0p/0mzUiorAN/b7E/3KofCjIolEMqQY9e1NfzBTJmD6
KWU+YLlkxY4bpQVZwsQIY7qorKuWgQDojtF89ryEbwQSGK7FTHpTGBNwmutKGlZn
K0C/8XXmgjxkeWOJO39Ei31WD6dbJDF3tiz3CsmSxYAJSMTFMaYaLIGzoI3lRZlF
kfWu7E+DLMxV0ch9KSvRNlu0klgqdcEJHETCExiJdmt/cf3WIDuc9V9e77w17tar
G9yrTIgSHhH80EACwJd9CfFCAnycMfM7Wr4zLcjmIZUiotyAUB/jJVDUajLa5MV9
KJpSfVAz+RaST1pUUHk8cmim0FczYv71jz+AjVAVG/ax/iUz2z4OrXVwSByanoMU
TSI586PJX1sF+95Zy63TBgEIgWC0pbVNf4aF3tBaL+8BMGURNyo=
=3lbI
-----END PGP SIGNATURE-----
Reply to: