[SECURITY] [DSA 5530-1] ruby-rack security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 5530-1] ruby-rack security update
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Sun, 22 Oct 2023 12:35:21 +0000
Message-id: <[🔎] E1quXft-00467q-O2@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5530-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
October 22, 2023                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ruby-rack
CVE ID         : CVE-2022-30122 CVE-2022-30123 CVE-2022-44570 CVE-2022-44571
                 CVE-2022-44572 CVE-2023-27530 CVE-2023-27539
Debian Bug     : 1029832 1032803 1033264

Several vulnerabilities were discovered in ruby-rack, a modular Ruby
webserver interface, which may result in denial of service and shell
escape sequence injection.

For the oldstable distribution (bullseye), these problems have been fixed
in version 2.1.4-3+deb11u1.

We recommend that you upgrade your ruby-rack packages.

For the detailed security status of ruby-rack please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/ruby-rack

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmU1FpxfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0SAig/+MS3miFMErKy2l1DjwlzjchJC0cyfMHdVn1mpWZMd3iRVuKqqhRt/GlLS
XYFRaU6loJ69WqZGLdnDJtKiOUkJPip5BIL2EZccYdg7nDkvvXs6ATffnC11B/Sn
J0N7YAYubtyE/924H+mLh+rpx5sMkmGWHKGssQzP1e2erpBl3FRIQcWm/E1PkvZY
3VmRbSluAxb3nQ6+bm+5RDNZOzPtkFQkEuGFV4BNFYqh0JWO2lKLkdG6r8+SaeBG
Kq5i+WtuHxYEVLB1Go6mvyymh8vDq6Mfimfas9B9SYDKjdiU3VOLoiaXEkjepdQF
zSm1QVyk9aYJ6Qb5yy8hrr8XPfVuqlumF+ACpsAK1wH+WtKdiQkdZsvFpcYKn5g4
q3zMa8RSoDAEnnc9AmGGdDOT/5sdosby1XAlrO7EoVGuhzKR7i1CtAdmnvABwf1d
Vqv3Jrn6pg+1c278vFc/n/fyXaHiPolRhr4xSxaNiT0OQ/f+ZUJg5NAT8WIS355k
efSzAWVpOYB4kMM3OcWWwohkYWf6WuUoZZsIKvdE8dnAhV6NYaChrS6wA3fiLoQu
0U9m+4jdB0IDLy+uffIzYCfeFepyq/Gg8e6TIx/T8Rf1uX8VFAvqiBXc3oIlGQMf
aulmQel8mGBXceLIMU+Ze0kRmMf3j5JLWotnKRFNDHAW11U2OWU=
=tPF2
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 5527-2] webkit2gtk regression update
Next by Date: [SECURITY] [DSA 5531-1] roundcube security update
Previous by thread: [SECURITY] [DSA 5527-2] webkit2gtk regression update
Next by thread: [SECURITY] [DSA 5531-1] roundcube security update
Index(es):
- Date
- Thread