Your message dated Sun, 05 Jul 2026 18:48:52 +0000
with message-id <[email protected]>
and subject line Bug#1141497: fixed in ruby-webrick 1.9.2-2
has caused the Debian Bug report #1141497,
regarding ruby-webrick: CVE-2026-38969
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1141497: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1141497
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: ruby-webrick
Version: 1.9.2-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/ruby/webrick/issues/198
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for ruby-webrick.

CVE-2026-38969[0]:
| ruby webrick through v1.9.2 WEBrick reparses trailer Content-Length
| into canonical request state, enabling request smuggling.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-38969
    https://www.cve.org/CVERecord?id=CVE-2026-38969
[1] https://github.com/ruby/webrick/issues/198
[2] https://github.com/ruby/webrick/pull/199

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: ruby-webrick
Source-Version: 1.9.2-2
Done: Simon Quigley <[email protected]>

We believe that the bug you reported is fixed in the latest version of
ruby-webrick, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Simon Quigley <[email protected]> (supplier of updated ruby-webrick package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 05 Jul 2026 13:27:11 -0500
Source: ruby-webrick
Architecture: source
Version: 1.9.2-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Ruby Team 
<[email protected]>
Changed-By: Simon Quigley <[email protected]>
Closes: 1141497
Changes:
 ruby-webrick (1.9.2-2) unstable; urgency=medium
 .
   * Team upload.
   * Add CVE-2026-38969.patch to fix CVE-2026-38969 (Closes: #1141497).
   * Upgrade the watch file to version 5.
   * Update Standards-Version to 4.7.4.
   * Bump debhelper-compat to 14, dropping ${misc:Depends},
     ${shlibs:Depends}, and ${ruby:Depends} from runtime dependencies.
   * Drop old Breaks.
Checksums-Sha1:
 dd85645f353e94dd062fcb88e27c62f7f0587ed4 2032 ruby-webrick_1.9.2-2.dsc
 acc3472aac008195b04fc6900ddd07cf6ada8042 5596 
ruby-webrick_1.9.2-2.debian.tar.xz
 370433bc29f432c19dd2a22036248ee1260edfe7 7659 
ruby-webrick_1.9.2-2_source.buildinfo
Checksums-Sha256:
 04d06522772782de495588c4ad2f7fa2d85cdcc5e5ed4311528489472a9f3d77 2032 
ruby-webrick_1.9.2-2.dsc
 ecd0c04cad66222e24ce10111d5aabf039baad60d6145321f77dc3f7e96b7901 5596 
ruby-webrick_1.9.2-2.debian.tar.xz
 cc0c42d89e74f11eedc54e39a65fdd516f99748c6a37f0b210410a87c5ed4dc8 7659 
ruby-webrick_1.9.2-2_source.buildinfo
Files:
 e020a276e62cfae5e533e29f39998375 2032 ruby optional ruby-webrick_1.9.2-2.dsc
 c671ac4a20ab7c2eaf51675f89dcdd8a 5596 ruby optional 
ruby-webrick_1.9.2-2.debian.tar.xz
 172f8a2bbab5a436a828f283e6c78fed 7659 ruby optional 
ruby-webrick_1.9.2-2_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXHq+og+GMEWcyMi14n8s+EWML6QFAmpKoiwACgkQ4n8s+EWM
L6S/Dg/+O8kfFHMCPhjJ5cIkVT8bCvlb8OYvVb/LmjwelMIuCxm2ES7Wp1CL+eL4
g1MLrZEidbS6JBNKI1YCGuSIdpfA79dfLWzGy2Urise8zroIGgj5PYdblE6Ou9GL
+rr8XPXaZgKXcc9HE3QEFH74R2w5uK3oa1fpoGZKiZd4fAxxX11TBXl+Nv3j/IXN
+D/4Rx5dHQe5KqaXthvNdGk3CH0qa75BWgTXKClDTW57sFgZacF4WzDKPRCZ/bKE
qyRRo0gAHIdQ/kovKglsguDb7DzYHPwXow+IFG7qKn4Na8pt3CCZ0Y00VdpxX48J
9Hx4Q4thVufya6IbLktALMBs46QilPIPlKGciBAph6X0fgBGHwqHOEr05jqvI6/J
Exl4DpW95GYUadAPMdGFIwgwRLDFb889rGCHS0Sgcl7jJx1QS0KWWPR3LXJV/Azp
2NBk/VEn2qYlwuvD5trxJ6l6DR20KW7X47GDKO5Xh6Nu+/f/Bnx04lPkEC6GhVdU
LcwmLA0Pq3/u53N3WJfm62RdTS54yL9gOFFFtpyADQzLT21voXaAk25Bmwc0HrCI
OFwQW2/QPugiIGOiz2o1PNiiW9WdeIpLf1exWFbFV8TldB8lsrybPuFpUKjmoBm0
h3LnNNSq9/QrJjR0UD5+wkTkCWKtFqlzpXoSyLtu/MjqWDbMrbE=
=mWDj
-----END PGP SIGNATURE-----

Attachment: pgpWvUXtPFy6k.pgp
Description: PGP signature


--- End Message ---
_______________________________________________
Pkg-ruby-extras-maintainers mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-ruby-extras-maintainers

Reply via email to