[ubuntu/plucky-security] ruby-rack 2.2.7-1.1ubuntu0.25.04.1 (Accepted)
Hlib Korzhynskyy
hlib.korzhynskyy at canonical.com
Mon May 12 09:05:04 UTC 2025
ruby-rack (2.2.7-1.1ubuntu0.25.04.1) plucky-security; urgency=medium

  * SECURITY UPDATE: Race condition with authentication sessions.
    - debian/patches/CVE-2025-32441.patch: Add get_session_with_fallback()
      check and pool.store in ./lib/rack/session/pool.rb.
    - CVE-2025-32441
  * SECURITY UPDATE: Denial of service through large query parameters.
    - debian/patches/CVE-2025-46727.patch: Add query parameter limit and
      bytesize limit and corresponding checks in ./lib/rack/query_parser.rb.
    - CVE-2025-46727

Date: 2025-05-09 17:37:12.040929+00:00
Changed-By: Hlib Korzhynskyy <hlib.korzhynskyy at canonical.com>
https://launchpad.net/ubuntu/+source/ruby-rack/2.2.7-1.1ubuntu0.25.04.1