[ubuntu/oracular-proposed] puma 6.4.2-5ubuntu4 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Fri Sep 20 12:50:36 UTC 2024 

puma (6.4.2-5ubuntu4) oracular; urgency=medium

  * SECURITY UPDATE: header clobbering using underscores
    - debian/patches/CVE-2024-45614.patch: prevent underscores from
      clobbering hyphen headers in lib/puma/const.rb, lib/puma/request.rb,
      ext/puma_http11/org/jruby/puma/Http11.java, test/test_normalize.rb,
      test/test_request_invalid.rb.
    - CVE-2024-45614

Date: Fri, 20 Sep 2024 08:30:04 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/puma/6.4.2-5ubuntu4
-------------- next part --------------
Format: 1.8
Date: Fri, 20 Sep 2024 08:30:04 -0400
Source: puma
Built-For-Profiles: noudeb
Architecture: source
Version: 6.4.2-5ubuntu4
Distribution: oracular
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
 puma (6.4.2-5ubuntu4) oracular; urgency=medium
 .
   * SECURITY UPDATE: header clobbering using underscores
     - debian/patches/CVE-2024-45614.patch: prevent underscores from
       clobbering hyphen headers in lib/puma/const.rb, lib/puma/request.rb,
       ext/puma_http11/org/jruby/puma/Http11.java, test/test_normalize.rb,
       test/test_request_invalid.rb.
     - CVE-2024-45614
Checksums-Sha1:
 f854c59d2703f51ad094b25c9792b80f257dc1c7 2242 puma_6.4.2-5ubuntu4.dsc
 0c7f2e1a580208b8aed609c0e8aeca3b6f84fd93 56956 puma_6.4.2-5ubuntu4.debian.tar.xz
 5a25d014965b6fe16085c73be364eddfc9802816 10482 puma_6.4.2-5ubuntu4_source.buildinfo
Checksums-Sha256:
 e2f86951404c6731ab0f8aba2ac4136b138ffe94b918fc0d1559118a9d6b0009 2242 puma_6.4.2-5ubuntu4.dsc
 11064528ccc50366be3f50fed552393eca363fefa106fdc6cdfe192e4170c312 56956 puma_6.4.2-5ubuntu4.debian.tar.xz
 dadda503d6e087affe7dff7fa75565a1208fe5257081d67ce0380e1eb2380aa2 10482 puma_6.4.2-5ubuntu4_source.buildinfo
Files:
 bbb351df24fb9ad63f987f56b9c73d1a 2242 web optional puma_6.4.2-5ubuntu4.dsc
 d905256975d8acca7ccc66b287082f2b 56956 web optional puma_6.4.2-5ubuntu4.debian.tar.xz
 7d2b15986820c3b6ed1c63318860ea05 10482 web optional puma_6.4.2-5ubuntu4_source.buildinfo
Original-Maintainer: Debian Ruby Team <pkg-ruby-extras-maintainers at lists.alioth.debian.org>

More information about the oracular-changes mailing list