[ubuntu/noble-updates] puma 6.4.2-4ubuntu4.3 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Tue Sep 24 13:58:07 UTC 2024
puma (6.4.2-4ubuntu4.3) noble-security; urgency=medium
* SECURITY UPDATE: header clobbering using underscores
- debian/patches/CVE-2024-45614.patch: prevent underscores from
clobbering hyphen headers in lib/puma/const.rb, lib/puma/request.rb,
ext/puma_http11/org/jruby/puma/Http11.java, test/test_normalize.rb,
test/test_request_invalid.rb.
- CVE-2024-45614
* Fix FTBFS due to certs expiration:
- d/p/0009-CI-update-chain-certs-example-files-3426.patch
- d/p/0010-Update-all-certs.patch
- d/p/0011-Fix-path-of-certs-useb-by-test_example_cert_expirati.patch
* Fix autopkgtests:
- d/p/0019-Fix-path-of-certs-used-by-test_puma_server_ssl.patch
- debian/tests/test_puma_server_ssl: switch to ruby3.2.
Date: 2024-09-23 18:22:11.414142+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/puma/6.4.2-4ubuntu4.3
-------------- next part --------------
Sorry, changesfile not available.
More information about the noble-changes
mailing list