Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
323435a3 by Salvatore Bonaccorso at 2025-03-20T07:59:23+01:00
Update ruby-rack information with last unstable upload
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2140,7 +2140,7 @@ CVE-2025-27911 (An issue was discovered in Datalust Seq
before 2024.3.13545. Exp
CVE-2025-27910 (tianti v2.3 was discovered to contain a Cross-Site Request
Forgery (CS ...)
NOT-FOR-US: tianti
CVE-2025-27610 (Rack provides an interface for developing web applications in
Ruby. Pr ...)
- - ruby-rack <unfixed> (bug #1100444)
+ - ruby-rack 3.1.12-1 (bug #1100444)
NOTE:
https://github.com/rack/rack/security/advisories/GHSA-7wqh-767x-r66v
NOTE: Fixed by:
https://github.com/rack/rack/commit/50caab74fa01ee8f5dbdee7bb2782126d20c6583
(main)
NOTE: Fixed by:
https://github.com/rack/rack/commit/70cb3228c755c2d066c108a9c59fbe67aff8e889
(v3.1.12)
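Review bot: The "Fixed by" notes under CVE-2025-27610 reference only the main and v3.1.12 commits, while the CVE-2025-25184 entry touched in this same commit lists one commit per upstream branch. If upstream published equivalent fixes on its older branches, adding them as further "NOTE: Fixed by:" lines would help whoever triages the stable suites. The entry also shows no per-release line such as "[bullseye] - ruby-rack ..." in the visible context, unlike the other two ruby-rack entries here, so it is worth confirming that the older suites have been triaged.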
@@ -3589,7 +3589,7 @@ CVE-2025-27155 (Pinecone is an experimental overlay
routing protocol suite which
CVE-2025-27150 (Tuleap is an Open Source Suite to improve management of
software devel ...)
NOT-FOR-US: Tuleap
CVE-2025-27111 (Rack is a modular Ruby web server interface. The
Rack::Sendfile middle ...)
- - ruby-rack <unfixed> (bug #1099546)
+ - ruby-rack 3.1.12-1 (bug #1099546)
[bullseye] - ruby-rack <postponed> (Minor issue, log injection)
NOTE:
https://github.com/rack/rack/security/advisories/GHSA-8cgq-6mh2-7j6v
NOTE: Fixed by:
https://github.com/rack/rack/commit/b13bc6bfc7506aca3478dc5ac1c2ec6fc53f82a3
(v2.2.12)
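Review bot: For CVE-2025-27111 the fixed version is now recorded as 3.1.12-1, but the only "Fixed by" note in the entry points at the v2.2.12 commit (b13bc6bf...). A reader cannot confirm from this entry that the 3.1.x upload carries the fix. Suggest adding the matching 3.1.x branch commit (and the main commit, if there is one) as further "NOTE: Fixed by:" lines, following the "(main)" / "(v3.1.12)" pattern used for CVE-2025-27610.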
@@ -11901,10 +11901,13 @@ CVE-2025-25199 (go-crypto-winnative Go crypto backend
for Windows using Cryptogr
CVE-2025-25198 (mailcow: dockerized is an open source groupware/email suite
based on d ...)
NOT-FOR-US: mailcow
CVE-2025-25184 (Rack provides an interface for developing web applications in
Ruby. Pr ...)
- - ruby-rack <unfixed> (bug #1098257)
+ - ruby-rack 3.1.12-1 (bug #1098257)
[bullseye] - ruby-rack <postponed> (Minor issue)
NOTE:
https://github.com/rack/rack/security/advisories/GHSA-7g2v-jj9q-g3rg
- NOTE:
https://github.com/rack/rack/commit/074ae244430cda05c27ca91cda699709cfb3ad8e
+ NOTE:
https://github.com/rack/rack/commit/074ae244430cda05c27ca91cda699709cfb3ad8e
(main)
+ NOTE:
https://github.com/rack/rack/commit/4aa19786a0aad7ff2ca66eeaede4a257cc7b0726
(v3.1.10)
+ NOTE:
https://github.com/rack/rack/commit/d00d195371c959e917855f6168a1b144b0f35da2
(v3.0.12)
+ NOTE:
https://github.com/rack/rack/commit/f8b41c1dba33ec96b886e57505c149c36d56662b
(v2.2.11)
CVE-2025-25182 (Stroom is a data processing, storage and analysis platform. A
vulnerab ...)
NOT-FOR-US: Stroom
CVE-2025-1244 (A command injection flaw was found in the text editor Emacs. It
could ...)
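Review bot: The four added NOTE lines under CVE-2025-25184 give bare commit URLs with a branch tag, while the other two ruby-rack entries in this commit use the "NOTE: Fixed by:" prefix. Suggest the same prefix here so the commits read as fixes rather than general references. Separately, the notes place the 3.1.x fix at v3.1.10 while the unstable fixed version is set to 3.1.12-1. That is correct only if 3.1.12-1 is the first unstable upload at or above 3.1.10, so it is worth a quick check against the upload history.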
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/323435a35f2191d6bc68c5c5d04cb6f1fd3d2797