[ubuntu/mantic-security] ruby-rack 2.2.4-3ubuntu0.1 (Accepted)
Leonidas S. Barbosa
leo.barbosa at canonical.com
Tue Mar 12 11:22:24 UTC 2024
ruby-rack (2.2.4-3ubuntu0.1) mantic-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2023-27539.patch: avoid ReDos
in lib/rack/request.rb.
- CVE-2023-27539
* SECURITY UPDATE: Denial of service
- debian/parches/CVE-2024-26141.patch: return an empty array
when ranges are too large in lib/rack/utils.rb.
- CVE-2024-26141
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2024-26146.patch: Fixing ReDoS in header parsing
in lib/rack/utils.rb.
- CVE-2024-26146
Date: 2024-03-06 10:15:10.588202+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
https://launchpad.net/ubuntu/+source/ruby-rack/2.2.4-3ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the mantic-changes
mailing list