-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6180-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 26, 2026 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : ruby-rack CVE ID : CVE-2026-22860 CVE-2026-25500 Two security issues (cross-site scripting and directory traversal) were found in Rack, an interface for developing web applications in Ruby. For the oldstable distribution (bookworm), these problems have been fixed in version 2.2.22-0+deb12u1. For the stable distribution (trixie), these problems have been fixed in version 3.1.20-0+deb13u1. We recommend that you upgrade your ruby-rack packages. For the detailed security status of ruby-rack please refer to its security tracker page at: https://security-tracker.debian.org/tracker/ruby-rack Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: [email protected] -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmnFp1MACgkQEMKTtsN8 TjbBmg//dyKl3DYLkZ9MeSjN/BufgKbivxbaOKXSstyitxBAYygazLx3DX929dOS 54Hiy19gQBpbe7l5yJDGv8GLduvLQiIWcu/uwXJUhK0KKLesMWf6Gp0lXj8sDCgI B9HD3D3q+dv9xyZW9vx1jFQNx7s+F+s4cv2iAY1tmjwz4SWxmJKapfzq7orWo80q ifTylMBiwWoD8nEZb73PHFU7AyY0sBcZsv8b4WgBtCdcpK0pjzJsMYr9g+e5IFMw I8matTzOAZUyf+2S71iSDKLA8dJACC7bAwdgaMn1Tasx1CDO7kgpcMoGefMK1Hu7 ZRovBhrXYW7sXsDGIumD8cEWUvtC+dsO7o++Eo6NfDPDVLiqkHJV53L4lrRnKZkl L3tZAhp7TjKOyk6BsxcYlM1C1EoYj+W7Jc5pXj6/UaNoJno0DEghH1LwamkvZxxg NWvJIyDSTVhLQ7BBJqHOlsdlsW6wBQmX5kDnJbrHJwdLSk4vxehVJHGJakW4S1D6 LdehbyImG5GeGD/XliQ6/4UhR6Wkh/1oXbyMpvASUXNVp9cM0VVV7rAm0qIk3YaV QhIgV/vFj0AUjHkmwDE+h52HfopdRNSL1k20jNCpJ0ydR6XeCpdIDIYMPxYVPMyv ojUmaT7+mPJIQwdJqBSGGwZo4C8Id1ASpKpZYus9AtM8lDwyTVQ= =Hc3P -----END PGP SIGNATURE-----
