UbuntuUpdates.org

Package "puma"

Name: puma

Description: threaded HTTP 1.1 server for Ruby/Rack applications

Latest version: 6.4.2-4ubuntu4.3
Release: noble (24.04)
Level: security
Repository: main
Homepage: https://puma.io

Other versions of "puma" in Noble

Repository   Area   Version
base         main   6.4.2-4ubuntu4
updates      main   6.4.2-4ubuntu4.3

Changelog

Version: 6.4.2-4ubuntu4.3 2024-09-24 15:07:08 UTC

  puma (6.4.2-4ubuntu4.3) noble-security; urgency=medium

  * SECURITY UPDATE: header clobbering using underscores
    - debian/patches/CVE-2024-45614.patch: prevent underscores from
      clobbering hyphen headers in lib/puma/const.rb, lib/puma/request.rb,
      ext/puma_http11/org/jruby/puma/Http11.java, test/test_normalize.rb,
      test/test_request_invalid.rb.
    - CVE-2024-45614
  * Fix FTBFS due to certs expiration:
    - d/p/0009-CI-update-chain-certs-example-files-3426.patch
    - d/p/0010-Update-all-certs.patch
    - d/p/0011-Fix-path-of-certs-useb-by-test_example_cert_expirati.patch
  * Fix autopkgtests:
    - d/p/0019-Fix-path-of-certs-used-by-test_puma_server_ssl.patch
    - debian/tests/test_puma_server_ssl: switch to ruby3.2.

 -- Marc Deslauriers <email address hidden> Fri, 20 Sep 2024 08:30:04 -0400

CVE-2024-45614 Puma is a Ruby/Rack web server built for parallelism. In affected versions clients could clobber values set by intermediate proxies (such as X-Forwar


