[SECURITY] [DLA 3298-1] ruby-rack security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- -----------------------------------------------------------------------
Debian LTS Advisory DLA-3298-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Utkarsh Gupta
January 31, 2023 https://wiki.debian.org/LTS
- -----------------------------------------------------------------------
Package : ruby-rack
Version : 2.0.6-3+deb10u2
CVE ID : CVE-2020-8161 CVE-2020-8184 CVE-2022-44570
CVE-2022-44571 CVE-2022-44572
Debian Bug : 963477 1029832
Several vulnerabilities, like directory traversal vulnerability,
ReDoS vulnerability, et al, were found in ruby-rack, a modular Ruby
webserver interface.
For Debian 10 buster, these problems have been fixed in version
2.0.6-3+deb10u2.
We recommend that you upgrade your ruby-rack packages.
For the detailed security status of ruby-rack please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ruby-rack
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmPYPHYACgkQgj6WdgbD
S5ZWNhAAnisOGZWXl/esKlk7ABi8RIKfFp+33tEAXuNFp7PlNL+qVz7hZb/707vo
ZdWiG2adsdA/7YH72zFCVyAaEHxKqpbf/6SRw5sBMnHcp5bUNlSrY99ZAt2lTQ9i
ZZAMhXPYqwWVRp9LuyfjIw4UviS2iFj5IjtjdonsBFgKdW0MZ2M0SQbTT+hjHl05
BDrmPdNXMI8i6AzJloNhZuolc1udC4bSkMw5triQ3fweyoAcF7hVbNlAOlrbHN92
5QljywKm/oq7apNkzq8jpV7V56XGMDpOHUGYpi+ynqh3yRW324B1SxHzH7ifrpCO
l8r8xb+HcYaaqMC//bkhLGWVudclYMxl9i3zlwUNTzYEbx13wZFkan5GDy3fJEQq
GjYRtoiYYt5A7WIZw0B1EuPjXDQYIT2gyrFJwkOELI0N0i9Mkrz8pb4qnttcekCy
BION9qSv6ks5iyDgnbAGir6QOj+2BpRtSdJ7Wit/CCXOg3b8nheFl1TCi8vIuv5c
7NCrTmpPp7Td58TZlwWh6DRJHmgK1DJAVy0XVx33rwL1qrcsZL3Lieo5GfMlBfNl
7TVeyt20DEncrrOrOO/19ulvOr0U4blrwbPyg28UaYhKf6x3W+xtTs/58HlfuHQA
/4beFEUW6IXt4dc4nj0zI6AEPzUyKxsGUlAmdEXx6hVWlz7iO2Q=
=yxEx
-----END PGP SIGNATURE-----
Reply to: