Your message dated Sat, 04 May 2024 21:17:14 +0000
with message-id <e1s3mks-00h5bk...@fasolo.debian.org>
and subject line Bug#1064516: fixed in ruby-rack 2.2.7-1.1
has caused the Debian Bug report #1064516,
regarding ruby-rack: CVE-2024-26141 CVE-2024-25126 CVE-2024-26146
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

-- 
1064516: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064516
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: ruby-rack
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for ruby-rack.

CVE-2024-26141[0]:
Reject Range headers which are too large
https://github.com/rack/rack/releases/tag/v2.2.8.1
https://github.com/rack/rack/commit/62457686b26d33a15a254c7768c2076e8e02b48b (v2.2.8.1)

CVE-2024-25126[1]:
Fixed ReDoS in Content Type header parsing
https://github.com/rack/rack/releases/tag/v2.2.8.1

CVE-2024-26146[2]:
Fixed ReDoS in Accept header parsing
https://github.com/rack/rack/releases/tag/v2.2.8.1
https://github.com/rack/rack/commit/e4c117749ba24a66f8ec5a08eddf68deeb425ccd (v2.2.8.1)

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-26141
    https://www.cve.org/CVERecord?id=CVE-2024-26141
[1] https://security-tracker.debian.org/tracker/CVE-2024-25126
    https://www.cve.org/CVERecord?id=CVE-2024-25126
[2] https://security-tracker.debian.org/tracker/CVE-2024-26146
    https://www.cve.org/CVERecord?id=CVE-2024-26146

Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: ruby-rack
Source-Version: 2.2.7-1.1
Done: Adrian Bunk <b...@debian.org>

We believe that the bug you reported is fixed in the latest version of
ruby-rack, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1064...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adrian Bunk <b...@debian.org> (supplier of updated ruby-rack package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)

Format: 1.8
Date: Thu, 02 May 2024 22:55:26 +0300
Source: ruby-rack
Architecture: source
Version: 2.2.7-1.1
Distribution: unstable
Urgency: high
Maintainer: Debian Ruby Team <pkg-ruby-extras-maintain...@lists.alioth.debian.org>
Changed-By: Adrian Bunk <b...@debian.org>
Closes: 1064516
Changes:
 ruby-rack (2.2.7-1.1) unstable; urgency=high
 .
   * Non-maintainer upload.
   * CVE-2024-25126: ReDoS in Content Type header parsing
   * CVE-2024-26141: Reject Range headers which are too large
   * CVE-2024-26146: ReDoS in Accept header parsing
   * Closes: #1064516
--- End Message ---