[ubuntu/jammy-updates] ruby-rack 2.1.4-5ubuntu1.1 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Thu Sep 26 05:58:09 UTC 2024
ruby-rack (2.1.4-5ubuntu1.1) jammy-security; urgency=high

  * SECURITY UPDATE: Outstanding CVEs patched upstream (LP: #2078711)
    - Following patches ported from debian bullseye (2.1.4-3+deb11u2)
    - CVE-2024-25126: ReDoS in Content Type header parsing
    - CVE-2024-26141: Reject Range headers which are too large
    - CVE-2024-26146: ReDoS in Accept header parsing
    - CVE-2022-30122: Add patch to restrict broken mime parsing.
    - CVE-2022-30123: Add patch to escape untrusted text when logging.
    - CVE-2022-44570: Add patch to fix ReDoS in Rack::Utils.get_byte_ranges.
    - CVE-2022-44571: Add patch to fix ReDoS vulnerability in multipart parser.
    - CVE-2022-44572: Add patch to forbid control characters in attributes.
    - CVE-2023-27530: Add patch to limit all multipart parts, not just files.
    - CVE-2023-27539: Add patch to avoid ReDoS problem.
  * Build test fix [ Bruce Cable <bruce.cable at canonical.com> ]
    - fix-spec-mock-tests.patch: modifies expected value for build tests to
      pass

Date: 2024-09-24 05:48:15.253899+00:00
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/ruby-rack/2.1.4-5ubuntu1.1