Source: ruby-rack Version: 3.1.16-0.1 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]> Control: found -1 2.2.13-1~deb12u1
Hi, The following vulnerabilities were published for ruby-rack. CVE-2025-61770[0] and CVE-2025-61772[1]. If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2025-61770 https://www.cve.org/CVERecord?id=CVE-2025-61770 https://github.com/rack/rack/security/advisories/GHSA-p543-xpfm-54cp [1] https://security-tracker.debian.org/tracker/CVE-2025-61772 https://www.cve.org/CVERecord?id=CVE-2025-61772 https://github.com/rack/rack/security/advisories/GHSA-wpv5-97wm-hp9c Please adjust the affected versions in the BTS as needed. Regards, Salvatore
