Accepted puma 3.12.0-2+deb10u2 (source) into proposed-updates->stable-new, proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 15 Oct 2020 23:39:36 +0200
Source: puma
Architecture: source
Version: 3.12.0-2+deb10u2
Distribution: buster
Urgency: medium
Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>
Changed-By: Daniel Leidert <dleidert@debian.org>
Closes: 952766 953122 972102
Changes:
puma (3.12.0-2+deb10u2) buster; urgency=medium
.
* Team upload.
* d/patches/0009-disable-tests-failing-in-single-cpu.patch: Add author and
bug tracker information.
* d/patches/CVE-2020-5247.patch: Add patch to fix CVE-2020-5247.
- Fix header value could inject their own HTTP response (closes: #952766).
* d/patches/CVE-2020-5249.patch: Add patch to fix CVE-2020-5249.
- Fix splitting newlines in headers and another vector for HTTP injection
(closes: #953122).
* d/patches/CVE-2020-11076.patch: Add patch to fix CVE-2020-11076.
- Better handle client input to fix HTTP Smuggling via Transfer-Encoding
header (closes: #972102).
* d/patches/CVE-2020-11077.patch: Add patch to fix CVE-2020-11077.
- Reduce ambiguity of headers to fix HTTP Smuggling via Transfer-Encoding
header (closes: #972102).
* d/patches/series: Enable new patches.
Checksums-Sha1:
01ccd216dfa13d28e10ca56c2c46b936aaae7d19 2004 puma_3.12.0-2+deb10u2.dsc
1ea15fbb2128dc63de8550c97d6f6c3dc26fa1b9 11800 puma_3.12.0-2+deb10u2.debian.tar.xz
22c9901bf839b62cf20ec908cf946580102ce750 9200 puma_3.12.0-2+deb10u2_amd64.buildinfo
Checksums-Sha256:
2654a528baa52d73dc0b6c916f0229cc2f7a98ff18eb59606d9c7c2fb35c024f 2004 puma_3.12.0-2+deb10u2.dsc
6bd83f1e75d4c8470afd919f17407edade486a2c739ac58777f351c7a69bf22d 11800 puma_3.12.0-2+deb10u2.debian.tar.xz
2f7c12fb2afebbb9b4adbfe382c917f3c08820d79f2e4841a175a040d850b528 9200 puma_3.12.0-2+deb10u2_amd64.buildinfo
Files:
63fc92aeffdba960c6e68651e4abacbc 2004 ruby optional puma_3.12.0-2+deb10u2.dsc
7c294152781f4c567daf0ca2018f1d2b 11800 ruby optional puma_3.12.0-2+deb10u2.debian.tar.xz
9384d28942172e7c2afae50e105fcf67 9200 ruby optional puma_3.12.0-2+deb10u2_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEvu1N7VVEpMA+KD3HS80FZ8KW0F0FAl+I6L4ACgkQS80FZ8KW
0F2vCg//befP8Y/o2PIhOBoRvhmko380+TimC0LMGAAWpjSBX4t9izMYpJTiishA
bfWHctD9fCtzRfqxXwKgILd1YmpcGqbZdDBlxgBuSUcTXb5YM5DpPocFwCtBQx5o
mGlGaHMvZZ9K4BYVg/pTW0e+RicfN7saVHZ2/0WlKT3av6PTCYrR7FsQbLVfl57q
G/N42UfNy/nB6YJuqHu3Co+cQaVxcwIfUS2FM2ON2To8EnCMj8guAaFHvhplYFo8
LHjmzBv6KxCXT3b8KLk9E3wcaACSryt3AgZhC8bbozUdJel11xrMwC7GJIA2UptQ
1SkW21KIYb5q6uBhf3LLM/CNRXn8YPenU7DIfAfu9tx7t4EzKwFU31qLe9ieT99A
QPsYIQy7sja0zsTFOnR5CGCg8TnXoN2qpN609tWh56QZcN3RCxxHLCznLPakUTUZ
OsiBlN7blyrvJB7tIK0Y4B4FKiy7Mpy2ESq2huALdoNWyf1NcQye12Q6IxTJoatj
+ps5OSHtWzbDG4yptjRxNYT31qEpTrUF1jLgSDnRjnbYjGJuVJTU7qkidlxNBWZ7
clqJdAU5qKO60RPvREwOAe/YyCc3v+Cl0e2HsDXQnymYDpqgYtcnYwvKOCcWoMVr
GDdHr3I55dkfDc3ADfBrrIOSCJnXR/VoITr7FwChAkjJ3Sn15o8=
=S7/T
-----END PGP SIGNATURE-----
Reply to: