
[SECURITY] [DLA 4407-1] ruby-sidekiq security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -----------------------------------------------------------------------
Debian LTS Advisory DLA-4407-1              debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Utkarsh Gupta
December 15, 2025                           https://wiki.debian.org/LTS
- -----------------------------------------------------------------------

Package        : ruby-sidekiq
Version        : 6.0.4+dfsg-2+deb11u1
CVE ID         : CVE-2021-30151 CVE-2022-23837
Debian Bug     : 987354 1004193

ruby-sidekiq, a simple, efficient background job processing library for
Ruby, had two vulnerabilities:

CVE-2021-30151

    Sidekiq allows cross-site scripting (XSS) via the queue name of the
    live-poll feature when the Web UI is viewed in Internet Explorer.

CVE-2022-23837

    In api.rb, Sidekiq placed no limit on the number of days that could
    be requested for the dashboard statistics graph. A request for a very
    large range makes the server do unbounded work, which overloads the
    system and renders the Web UI unavailable to other users.
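The failure mode behind CVE-2022-23837, as an added example that is not Sidekiq's
code and not part of this advisory: a stats query whose cost is set by the caller's
`days` value, beside the same query with a hard upper bound and a web-layer helper
that clamps the parameter. The `FakeRedis` store, the `UnboundedHistory` and
`BoundedHistory` classes, the five-year ceiling, the `parse_days_param` helper and
the sample counters are all constructed for this illustration; none is a Sidekiq API.

```ruby
require "date"

# Constructed stand-in for the per-day counters Sidekiq keeps in Redis
# (keys such as "stat:processed:2025-12-15"). Not Sidekiq's code; it only
# records how many keys a query touched so the cost of a request is visible.
class FakeRedis
  attr_reader :reads

  def initialize(data)
    @data = data
    @reads = 0
  end

  def mget(keys)
    @reads += keys.size
    keys.map { |k| @data[k] }
  end
end

# Vulnerable shape: whatever number of days the caller asks for is the number
# of keys fetched and rows returned, so one request can be made arbitrarily
# expensive for the server.
class UnboundedHistory
  PREFIX = "stat:processed:"

  def initialize(redis, days_previous, start_date = Date.new(2025, 12, 15))
    @redis = redis
    @days_previous = days_previous
    @start_date = start_date
  end

  # Returns { "YYYY-MM-DD" => count } for each requested day, oldest last.
  def processed
    keys = (0...@days_previous).map { |i| "#{PREFIX}#{(@start_date - i).iso8601}" }
    counts = @redis.mget(keys)
    keys.zip(counts).to_h { |k, v| [k.delete_prefix(PREFIX), v.to_i] }
  end
end

# Hardened shape: reject anything outside a fixed range before any work is
# done. The five-year ceiling is an assumption chosen for this example; any
# fixed, modest bound gives the same protection.
class BoundedHistory < UnboundedHistory
  MAX_DAYS = 5 * 365

  def initialize(redis, days_previous, start_date = Date.new(2025, 12, 15))
    unless days_previous.is_a?(Integer) && days_previous.between?(1, MAX_DAYS)
      raise ArgumentError, "days_previous must be 1..#{MAX_DAYS}, got #{days_previous.inspect}"
    end
    super
  end
end

# Web-layer guard (hypothetical helper, not a Sidekiq API): parse the `days`
# query parameter and clamp it before it reaches the stats code, so a bad
# value degrades to a sane graph rather than a runaway query or an error page.
def parse_days_param(raw, default: 30, max: 180)
  return default if raw.nil? || raw.to_s.strip.empty?
  raw.to_s.to_i.clamp(1, max)
end

if __FILE__ == $0
  # Constructed sample counters for two days; the third requested day is missing.
  sample = { "stat:processed:2025-12-15" => "12", "stat:processed:2025-12-14" => "7" }
  store = FakeRedis.new(sample)
  UnboundedHistory.new(store, 100_000).processed
  puts "unbounded request touched #{store.reads} keys"
  puts BoundedHistory.new(FakeRedis.new(sample), parse_days_param("3")).processed.inspect
end
```

Both layers matter: the clamp keeps the normal UI path cheap, and the constructor check protects any other caller of the stats API that passes a number straight through.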

For Debian 11 bullseye, these problems have been fixed in version
6.0.4+dfsg-2+deb11u1.

We recommend that you upgrade your ruby-sidekiq packages.

For the detailed security status of ruby-sidekiq please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ruby-sidekiq

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
