Bug#950795: buster-pu: package puma/3.12.0-2
Control: tags -1 + confirmed
On Thu, 2020-02-06 at 17:33 +0100, Daniel Leidert wrote:
> The proposed update will fix CVE-2019-16770 (#946312) for Buster
> users. The security team marked the issue no-dsa and asked to
> schedule the fix via the next point release. The debdiff is attached.
> The patch to fix the CVE has been taken from upstream's Git
> repository.
+puma (3.12.0-2+deb10u1) buster-security; urgency=medium
Just "buster" for p-u, please.
+Subject: Merge pull request from GHSA-7xx3-m584-x994
+
+could monopolize a thread. Previously, this could make a DoS attack more
+severe.
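Review bot: the patch description in this hunk starts mid-sentence at "could monopolize a thread", so the visible lines never say what could monopolize it, and the Subject line "Merge pull request from GHSA-7xx3-m584-x994" is only a merge title that does not describe the change. If text was dropped while importing the upstream commit message, restore it, and consider naming CVE-2019-16770 in the patch header so the fix can be identified from the patch file alone.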
Is there a missing line (or at least words) before "could monopolize"
there?
In any case, please go ahead (with the fixed distribution).
Regards,
Adam