Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
cd589dab by Salvatore Bonaccorso at 2026-04-02T23:38:24+02:00
Add two more CVEs for ruby-rack
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -234,7 +234,12 @@ CVE-2026-34785 (Rack is a modular Ruby web server
interface. Prior to versions 2
NOTE: Fixed by:
https://github.com/rack/rack/commit/a17cb99b3440a4db09fb920407adf5ead127704c
(v3.1.21)
NOTE: Fixed by:
https://github.com/rack/rack/commit/203730e4abb2fac3a0514d6dc3ac56de82bdff9a
(v2.2.23)
CVE-2026-34763 (Rack is a modular Ruby web server interface. Prior to versions
2.2.23, ...)
- TODO: check
+ [experimental] - ruby-rack 3.2.6-1
+ - ruby-rack <unfixed>
+ NOTE:
https://github.com/rack/rack/security/advisories/GHSA-7mqq-6cf9-v2qp
+ NOTE: Fixed by:
https://github.com/rack/rack/commit/459ea1f5a58455409e377d60eeb3432ff3100e15
(v3.2.6)
+ NOTE: Fixed by:
https://github.com/rack/rack/commit/29b17c58e55539b5b9c1afd0d86266e54150193f
(v3.1.21)
+ NOTE: Fixed by:
https://github.com/rack/rack/commit/7796548b545601accdfe8f4079088bd44d0a3495
(v2.2.23)
CVE-2026-34759 (OneUptime is an open-source monitoring and observability
platform. Pri ...)
TODO: check
CVE-2026-34758 (OneUptime is an open-source monitoring and observability
platform. Pri ...)
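Review bot: The added `- ruby-rack <unfixed>` line for CVE-2026-34763 carries no Debian bug reference, so the open status in unstable is not tied to any report against the package. Once a bug is filed, record it on the same line in the form `- ruby-rack <unfixed> (bug #NNNNNN)`, where NNNNNN stands in for the real number. The three "Fixed by" notes (v3.2.6, v3.1.21, v2.2.23) are consistent with the v3.1.21 and v2.2.23 notes visible on the CVE-2026-34785 entry just above.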
@@ -300,7 +305,12 @@ CVE-2026-34426 (OpenClaw versions prior to commit
b57b680contain an approval byp
CVE-2026-34425 (OpenClaw versions prior to commit 8aceaf5 contain a preflight
validati ...)
NOT-FOR-US: OpenClaw
CVE-2026-34230 (Rack is a modular Ruby web server interface. Prior to versions
2.2.23, ...)
- TODO: check
+ [experimental] - ruby-rack 3.2.6-1
+ - ruby-rack <unfixed>
+ NOTE:
https://github.com/rack/rack/security/advisories/GHSA-v569-hp3g-36wr
+ NOTE: Fixed by:
https://github.com/rack/rack/commit/8bf0c2eb5936eb79207f3a0be63196e7726bcb0a
(v3.2.6)
+ NOTE: Fixed by:
https://github.com/rack/rack/commit/55db26e7f43d3d45e1476f02ada75e0503abc2f1
(v3.1.21)
+ NOTE: Fixed by:
https://github.com/rack/rack/commit/8d6a0e1088a6e00259bd525506a9c4b1b69f675b
(v2.2.23)
CVE-2026-34124 (A denial-of-service vulnerability was identified in TP-Link
Tapo C520W ...)
NOT-FOR-US: TPLink
CVE-2026-34122 (A stack-based buffer overflow vulnerability was identified in
TP-Link ...)
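Review bot: The CVE-2026-34230 entry lists the three fix commits but says nothing about where the issue was introduced, and the visible description stops at "Prior to versions 2.2.23, ...", so the entry alone does not show which packaged ruby-rack versions in older suites are affected. If GHSA-v569-hp3g-36wr names an introducing change or an affected range, an extra NOTE line recording it would let per-suite triage start from that instead of from the fix commits.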
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd589dab4921daabab811327567973f1f706cb59