This bug was fixed in the package ruby-rack - 2.1.4-5ubuntu1.1
---------------
ruby-rack (2.1.4-5ubuntu1.1) jammy-security; urgency=high

  * SECURITY UPDATE: Outstanding CVEs patched upstream (LP: #2078711)
    - Following patches ported from debian bullseye (2.1.4-3+deb11u2)
    - CVE-2024-25126: ReDoS in Content Type header parsing
    - CVE-2024-26141: Reject Range headers which are too large
    - CVE-2024-26146: ReDoS in Accept header parsing
    - CVE-2022-30122: Add patch to restrict broken mime parsing.
    - CVE-2022-30123: Add patch to escape untrusted text when logging.
    - CVE-2022-44570: Add patch to fix ReDoS in Rack::Utils.get_byte_ranges.
    - CVE-2022-44571: Add patch to fix ReDoS vulnerability in multipart parser.
    - CVE-2022-44572: Add patch to forbid control characters in attributes.
    - CVE-2023-27530: Add patch to limit all multipart parts, not just files.
    - CVE-2023-27539: Add patch to avoid ReDoS problem.
  * Build test fix [ Bruce Cable <[email protected]> ]
    - fix-spec-mock-tests.patch: modifies expected value for build tests to
      pass

 -- Lissa Moriarty <[email protected]>  Mon, 02 Sep 2024 15:46:12 +0100
** Changed in: ruby-rack (Ubuntu)
Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-30122
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-30123
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-44570
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-44571
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-44572
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-27530
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-27539
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-25126
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-26141
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-26146
https://bugs.launchpad.net/bugs/2078711
Title: Outstanding CVEs in ruby-rack