[ubuntu/noble-security] puma 6.4.2-4ubuntu4.3 (Accepted)

[Marc Deslauriers]

puma (6.4.2-4ubuntu4.3) noble-security; urgency=medium

  * SECURITY UPDATE: header clobbering using underscores
    - debian/patches/CVE-2024-45614.patch: prevent underscores from
      clobbering hyphen headers in lib/puma/const.rb, lib/puma/request.rb,
      ext/puma_http11/org/jruby/puma/Http11.java, test/test_normalize.rb,
      test/test_request_invalid.rb.
    - CVE-2024-45614
  * Fix FTBFS due to certs expiration:
    - d/p/0009-CI-update-chain-certs-example-files-3426.patch
    - d/p/0010-Update-all-certs.patch
    - d/p/0011-Fix-path-of-certs-useb-by-test_example_cert_expirati.patch
  * Fix autopkgtests:
    - d/p/0019-Fix-path-of-certs-used-by-test_puma_server_ssl.patch
    - debian/tests/test_puma_server_ssl: switch to ruby3.2.

Date: 2024-09-23 18:22:11.414142+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/puma/6.4.2-4ubuntu4.3
-------------- next part --------------
Sorry, changesfile not available.