Source: ruby-rack
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,

The following vulnerabilities were published for ruby-rack.

CVE-2024-26141[0]: Reject Range headers which are too large
https://github.com/rack/rack/releases/tag/v2.2.8.1
https://github.com/rack/rack/commit/62457686b26d33a15a254c7768c2076e8e02b48b (v2.2.8.1)

CVE-2024-25126[1]: Fixed ReDoS in Content Type header parsing
https://github.com/rack/rack/releases/tag/v2.2.8.1

CVE-2024-26146[2]: Fixed ReDoS in Accept header parsing
https://github.com/rack/rack/releases/tag/v2.2.8.1
https://github.com/rack/rack/commit/e4c117749ba24a66f8ec5a08eddf68deeb425ccd (v2.2.8.1)

If you fix the vulnerabilities, please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-26141
    https://www.cve.org/CVERecord?id=CVE-2024-26141
[1] https://security-tracker.debian.org/tracker/CVE-2024-25126
    https://www.cve.org/CVERecord?id=CVE-2024-25126
[2] https://security-tracker.debian.org/tracker/CVE-2024-26146
    https://www.cve.org/CVERecord?id=CVE-2024-26146

Please adjust the affected versions in the BTS as needed.