[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Accepted puma 3.12.0-2+deb10u2 (source) into proposed-updates->stable-new, proposed-updates



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 15 Oct 2020 23:39:36 +0200
Source: puma
Architecture: source
Version: 3.12.0-2+deb10u2
Distribution: buster
Urgency: medium
Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>
Changed-By: Daniel Leidert <dleidert@debian.org>
Closes: 952766 953122 972102
Changes:
 puma (3.12.0-2+deb10u2) buster; urgency=medium
 .
   * Team upload.
   * d/patches/0009-disable-tests-failing-in-single-cpu.patch: Add author and
     bug tracker information.
   * d/patches/CVE-2020-5247.patch: Add patch to fix CVE-2020-5247.
     - Fix header value could inject their own HTTP response (closes: #952766).
   * d/patches/CVE-2020-5249.patch: Add patch to fix CVE-2020-5249.
     - Fix splitting newlines in headers and another vector for HTTP injection
       (closes: #953122).
   * d/patches/CVE-2020-11076.patch: Add patch to fix CVE-2020-11076.
     - Better handle client input to fix HTTP Smuggling via Transfer-Encoding
       header (closes: #972102).
   * d/patches/CVE-2020-11077.patch: Add patch to fix CVE-2020-11077.
     - Reduce ambiguity of headers to fix HTTP Smuggling via Transfer-Encoding
       header (closes: #972102).
   * d/patches/series: Enable new patches.
Checksums-Sha1:
 01ccd216dfa13d28e10ca56c2c46b936aaae7d19 2004 puma_3.12.0-2+deb10u2.dsc
 1ea15fbb2128dc63de8550c97d6f6c3dc26fa1b9 11800 puma_3.12.0-2+deb10u2.debian.tar.xz
 22c9901bf839b62cf20ec908cf946580102ce750 9200 puma_3.12.0-2+deb10u2_amd64.buildinfo
Checksums-Sha256:
 2654a528baa52d73dc0b6c916f0229cc2f7a98ff18eb59606d9c7c2fb35c024f 2004 puma_3.12.0-2+deb10u2.dsc
 6bd83f1e75d4c8470afd919f17407edade486a2c739ac58777f351c7a69bf22d 11800 puma_3.12.0-2+deb10u2.debian.tar.xz
 2f7c12fb2afebbb9b4adbfe382c917f3c08820d79f2e4841a175a040d850b528 9200 puma_3.12.0-2+deb10u2_amd64.buildinfo
Files:
 63fc92aeffdba960c6e68651e4abacbc 2004 ruby optional puma_3.12.0-2+deb10u2.dsc
 7c294152781f4c567daf0ca2018f1d2b 11800 ruby optional puma_3.12.0-2+deb10u2.debian.tar.xz
 9384d28942172e7c2afae50e105fcf67 9200 ruby optional puma_3.12.0-2+deb10u2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEvu1N7VVEpMA+KD3HS80FZ8KW0F0FAl+I6L4ACgkQS80FZ8KW
0F2vCg//befP8Y/o2PIhOBoRvhmko380+TimC0LMGAAWpjSBX4t9izMYpJTiishA
bfWHctD9fCtzRfqxXwKgILd1YmpcGqbZdDBlxgBuSUcTXb5YM5DpPocFwCtBQx5o
mGlGaHMvZZ9K4BYVg/pTW0e+RicfN7saVHZ2/0WlKT3av6PTCYrR7FsQbLVfl57q
G/N42UfNy/nB6YJuqHu3Co+cQaVxcwIfUS2FM2ON2To8EnCMj8guAaFHvhplYFo8
LHjmzBv6KxCXT3b8KLk9E3wcaACSryt3AgZhC8bbozUdJel11xrMwC7GJIA2UptQ
1SkW21KIYb5q6uBhf3LLM/CNRXn8YPenU7DIfAfu9tx7t4EzKwFU31qLe9ieT99A
QPsYIQy7sja0zsTFOnR5CGCg8TnXoN2qpN609tWh56QZcN3RCxxHLCznLPakUTUZ
OsiBlN7blyrvJB7tIK0Y4B4FKiy7Mpy2ESq2huALdoNWyf1NcQye12Q6IxTJoatj
+ps5OSHtWzbDG4yptjRxNYT31qEpTrUF1jLgSDnRjnbYjGJuVJTU7qkidlxNBWZ7
clqJdAU5qKO60RPvREwOAe/YyCc3v+Cl0e2HsDXQnymYDpqgYtcnYwvKOCcWoMVr
GDdHr3I55dkfDc3ADfBrrIOSCJnXR/VoITr7FwChAkjJ3Sn15o8=
=S7/T
-----END PGP SIGNATURE-----


Reply to: