Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
322edd97 by Salvatore Bonaccorso at 2026-04-02T22:54:43+02:00
Add new ruby-rack issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -114,13 +114,27 @@ CVE-2026-34835 (Rack is a modular Ruby web server
interface. From versions 3.0.0
CVE-2026-34831 (Rack is a modular Ruby web server interface. Prior to versions
2.2.23, ...)
TODO: check
CVE-2026-34830 (Rack is a modular Ruby web server interface. Prior to versions
2.2.23, ...)
- TODO: check
+ [experimental] - ruby-rack 3.2.6-1
+ - ruby-rack <unfixed>
+ NOTE:
https://github.com/rack/rack/security/advisories/GHSA-qv7j-4883-hwh7
+ NOTE: Fixed by:
https://github.com/rack/rack/commit/a57bc140247f904dc1e3302badedcb73645072c7
(v3.2.6)
+ NOTE: Fixed by:
https://github.com/rack/rack/commit/59a0966a484f2903833fa3e4c81919d3c645738d
(v3.1.21)
+ NOTE: Fixed by:
https://github.com/rack/rack/commit/7f288de93768b5cc44a5f4ed1ac02470d8fe52f4
(v2.2.23)
CVE-2026-34829 (Rack is a modular Ruby web server interface. Prior to versions
2.2.23, ...)
- TODO: check
+ [experimental] - ruby-rack 3.2.6-1
+ - ruby-rack <unfixed>
+ NOTE:
https://github.com/rack/rack/security/advisories/GHSA-8vqr-qjwx-82mw
+ NOTE: Fixed by:
https://github.com/rack/rack/commit/b3e5945c648c5a5b6982e5072b26e51990991229
(v3.2.6)
+ NOTE: Fixed by:
https://github.com/rack/rack/commit/367a2a0ec6fbef605c9412dadfd5763b7867441f
(v3.1.21)
+ NOTE: Fixed by:
https://github.com/rack/rack/commit/c42e357995065aa0c144eba0215a689d8105e4de
(v2.2.23)
CVE-2026-34828 (listmonk is a standalone, self-hosted, newsletter and mailing
list man ...)
TODO: check
CVE-2026-34827 (Rack is a modular Ruby web server interface. From versions
3.0.0.beta1 ...)
- TODO: check
+ [experimental] - ruby-rack 3.2.6-1
+ - ruby-rack <unfixed>
+ NOTE:
https://github.com/rack/rack/security/advisories/GHSA-v6x5-cg8r-vv6x
+ NOTE: Fixed by:
https://github.com/rack/rack/commit/bfb69142dbe2a1e3298ad52d12935938d1b58205
(v3.2.6)
+ NOTE: Fixed by:
https://github.com/rack/rack/commit/17ce7836be1523a7b453f3c06fe070ad7c954708
(v3.1.21)
CVE-2026-34826 (Rack is a modular Ruby web server interface. Prior to versions
2.2.23, ...)
TODO: check
CVE-2026-34823 (Endian Firewall version 3.3.25 and prior allow stored
cross-site scrip ...)
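Review bot: CVE-2026-34827 is the one entry in this hunk whose description starts at 3.0.0.beta1 and whose NOTE lines list only the v3.2.6 and v3.1.21 fixes, yet it carries the same blanket `- ruby-rack <unfixed>` as the issues that also have a v2.2.23 fix. Any suite still shipping a 2.2.x ruby-rack would be flagged as vulnerable by that line. Once the introducing change is confirmed, consider adding a NOTE naming it and a per-suite `<not-affected> (Vulnerable code introduced later)` line for those suites. Separately, CVE-2026-34831 and CVE-2026-34826 are Rack entries in the surrounding context that remain at `TODO: check`; if they are deliberately left for a follow-up, it is worth saying so in the commit message.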
@@ -194,7 +208,12 @@ CVE-2026-34790 (Endian Firewall version 3.3.25 and prior
allow authenticated use
CVE-2026-34786 (Rack is a modular Ruby web server interface. Prior to versions
2.2.23, ...)
TODO: check
CVE-2026-34785 (Rack is a modular Ruby web server interface. Prior to versions
2.2.23, ...)
- TODO: check
+ [experimental] - ruby-rack 3.2.6-1
+ - ruby-rack <unfixed>
+ NOTE:
https://github.com/rack/rack/security/advisories/GHSA-h2jq-g4cq-5ppq
+ NOTE: Fixed by:
https://github.com/rack/rack/commit/7a8f32696609b88e2c4c1f09d473a1d2d837ed4b
(v3.2.6)
+ NOTE: Fixed by:
https://github.com/rack/rack/commit/a17cb99b3440a4db09fb920407adf5ead127704c
(v3.1.21)
+ NOTE: Fixed by:
https://github.com/rack/rack/commit/203730e4abb2fac3a0514d6dc3ac56de82bdff9a
(v2.2.23)
CVE-2026-34763 (Rack is a modular Ruby web server interface. Prior to versions
2.2.23, ...)
TODO: check
CVE-2026-34759 (OneUptime is an open-source monitoring and observability
platform. Pri ...)
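Review bot: The commit message reads as if the Rack batch is complete, but in this hunk only CVE-2026-34785 is triaged while the adjacent Rack entries CVE-2026-34786 and CVE-2026-34763, with the same "Prior to versions 2.2.23" description, stay at `TODO: check`. Either triage them in the same change so the ruby-rack state is consistent, or narrow the commit message to say which advisories were processed.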
@@ -372,7 +391,12 @@ CVE-2026-27774 (Local privilege escalation due to DLL
hijacking vulnerability. T
CVE-2026-26962 (Rack is a modular Ruby web server interface. From version
3.2.0 to bef ...)
TODO: check
CVE-2026-26961 (Rack is a modular Ruby web server interface. Prior to versions
2.2.23, ...)
- TODO: check
+ [experimental] - ruby-rack 3.2.6-1
+ - ruby-rack <unfixed>
+ NOTE:
https://github.com/rack/rack/security/advisories/GHSA-vgpv-f759-9wx3
+ NOTE: Fixed by:
https://github.com/rack/rack/commit/1c0b723dbb0a01ac509ce971e0bd859f405a8e61
(v3.2.6)
+ NOTE: Fixed by:
https://github.com/rack/rack/commit/10626530f3c54a0cd54bee1150e851aa238249e4
(v3.1.21)
+ NOTE: Fixed by:
https://github.com/rack/rack/commit/d3804939c47304cf1e64558f1d713d3116396ae9
(v2.2.23)
CVE-2026-26928 (SzafirHostdownloads necessary files in the context of the
initiating w ...)
TODO: check
CVE-2026-26927 (Szafir SDK Web is a browser plug-in that can run SzafirHost
applicatio ...)
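Review bot: The `- ruby-rack <unfixed>` line added under CVE-2026-26961 (and under the other entries in this commit) carries no bug reference, so nothing links the open state in unstable to a report the maintainers can act on. With the fix already recorded for experimental as 3.2.6-1, suggest filing a bug against ruby-rack and appending `(bug #NNNNNN)` to the unfixed line once the number is known. CVE-2026-26962 directly above is also a Rack entry, described as starting from version 3.2.0, and is still `TODO: check`; it would be natural to resolve it alongside the 3.2.6-1 experimental upload noted here.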
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/322edd97c38fb5615396056727530e393ac51388