[SECURITY] [DLA 3392-1] ruby-rack security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3392-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Scarlett Moore
April 17, 2023 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : ruby-rack
Version : 2.0.6-3+deb10u3
CVE ID : CVE-2023-27530 CVE-2023-27539
Debian Bug :
Two ruby-rack issues have been addressed:
CVE-2023-27530
Description: Limit all multipart parts, not just files.
CVE-2023-27539
Description: Split headers on commas, then strip the strings in
order to avoid ReDoS issues.
For Debian 10 buster, these problems have been fixed in version
2.0.6-3+deb10u3.
We recommend that you upgrade your ruby-rack packages.
For the detailed security status of ruby-rack please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ruby-rack
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEfDWSDxziiZ6OqarQLnwDZ7m/oIkFAmQ9UD0ACgkQLnwDZ7m/
oImaYhAArcs7zUH7KitfFRcQZWx8qAuDf4PdvCjPtw6sPYqzwfpewaQzqiOsIXzV
sEx83325XdcX9Ea828tBefGN0rpbO5NECGTRwPHf7K6ArUySG9HwznyUDeaeZFqQ
9iMZljR7FtS0DuitpaOIiWdt7P4nT0crFew2kJvxU79mSF6bxSO3BZ/IuYVjHHiz
prSEPa905YdEOI5CKM2D7RM+NDV4Sxyd1VCwZ8xaBZ/GyvI+zW52cNrxoTLOimK6
k0FyNOk87IflltOYZTdxBU6MSM51OJ5X5q6TRoRxTGlozhJam9/W+uW1ENAryBKZ
3WqiqLYRFw7hP0QItW93x3x++yIW9TX5gDFylBtFwXQJP9tXM9qcG1zWE9XWqxm2
aMO0bIByRPvPrlDNhD/7PwZ/38yCRWElp5us7WOec4yi8uf/vrQ/GOVM+039vTid
WCI3Dv0NIwpBMYfyG/kgX17F52vtcH3Bl4ftRcmDa0lcMEeJfOAQQ/CyGAnzyQg5
s+NcqPfbUaVRfkL7+3efuJMVkCKBhkj5D2Prj9WycsyGcKeYPSHDO2dgm3TnUH85
fzZP32mE1dC4zj8Boq4aHLzVqMcyTRhUI6edRW4lY8JbXGXuElv6pootvgmvJCyD
eTgTNJBZpQslHTuSeQ40iPF5snwxL4+Qpg+HSJp/Euic/XmjIBw=
=aW0n
-----END PGP SIGNATURE-----
Reply to: