[SECURITY] [DLA 3900-1] ruby-httparty security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 3900-1] ruby-httparty security update
From: Adrian Bunk <bunk@debian.org>
Date: Sat, 28 Sep 2024 13:05:43 +0300
Message-id: <[🔎] ZvfU92T6isizowTS@localhost>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3900-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
September 28, 2024                            https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : ruby-httparty
Version        : 0.18.1-2+deb11u1
CVE ID         : CVE-2024-22049

multipart/form-data request tampering has been fixed in ruby-httparty,
a Ruby library for using Web-based APIs and related services.

For Debian 11 bullseye, this problem has been fixed in version
0.18.1-2+deb11u1.

We recommend that you upgrade your ruby-httparty packages.

For the detailed security status of ruby-httparty please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ruby-httparty

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmb31PIACgkQiNJCh6LY
mLHIYw/+I5oWbs+n/7CTXqvD2tIDPmV9FD58TU97hOz/jGGmgbpnsi5R56C8MqU2
Fn7306fJh+PyyLP2Gd/XQCI1XpT+vbrKBbw675vu3N8ezfp+ChkRd4EZDD3O7QgS
jTcq3LfkQGitquAieQeY5mnHVBu9SKW1Ph2SNdTEseQjiOzvUVms69dokvnbFYub
WPeoxWEBYNAkcBuByv6rcS7xAfiCKhfZlIECX0c+OyJF9QHgCyGWioCkeWjUtp5w
urnkzdeGwKUBMOFC7UVAqWbzDPBYnNr3u9PHdZGMYQmY1GbZfdMop2FC5IBhcnVH
mLkS8nFt6y/buszPi5I6p+c646YvF0hN6Ww4Wy7tMDzVyuQZDjnd54v31tnMpyR2
AAjs1ZGYytfgP5y9i0ahwsOISL7DYV4NYl6tMyanlv10qUxJmzfEZsou24mqp7k1
vRsySH0/aJx0u64AavF00kofyoHIw7Y15KuEv30DnhBUbHpRnsOoTE1mj4MA0vK0
CBOojHW++xwr4/aADwC+ObROtgZn8wy8dUYmIjWqu2LnzsERCNluwCESwoXJSMw4
tfBppRTIkZt6D2MxAa0iErmxP1YodlwFFJ/uU7yGRxByLk7+LFHi4nkVDdSOBKCN
yqKCVE1fSa+M3yI8hCRasrEwW0IfrVsCXdJDERcGHUU0pWO4jMk=
=YUn5
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3899-1] python-asyncssh security update
Next by Date: [SECURITY] [DLA 3901-1] ruby-loofah security update
Previous by thread: [SECURITY] [DLA 3899-1] python-asyncssh security update
Next by thread: [SECURITY] [DLA 3901-1] ruby-loofah security update
Index(es):
- Date
- Thread