UbuntuUpdates.org

Package "puma"

Name: puma

Description:

threaded HTTP 1.1 server for Ruby/Rack applications

Latest version: 6.4.2-4ubuntu4.3
Release: noble (24.04)
Level: updates
Repository: main
Homepage: https://puma.io

Links


Download "puma"


Other versions of "puma" in Noble

Repository Area Version
base main 6.4.2-4ubuntu4
security main 6.4.2-4ubuntu4.3

Changelog

Version: 6.4.2-4ubuntu4.3 2024-09-24 16:06:53 UTC

  puma (6.4.2-4ubuntu4.3) noble-security; urgency=medium

  * SECURITY UPDATE: header clobbering using underscores
    - debian/patches/CVE-2024-45614.patch: prevent underscores from
      clobbering hyphen headers in lib/puma/const.rb, lib/puma/request.rb,
      ext/puma_http11/org/jruby/puma/Http11.java, test/test_normalize.rb,
      test/test_request_invalid.rb.
    - CVE-2024-45614
  * Fix FTBFS due to certs expiration:
    - d/p/0009-CI-update-chain-certs-example-files-3426.patch
    - d/p/0010-Update-all-certs.patch
    - d/p/0011-Fix-path-of-certs-useb-by-test_example_cert_expirati.patch
  * Fix autopkgtests:
    - d/p/0019-Fix-path-of-certs-used-by-test_puma_server_ssl.patch
    - debian/tests/test_puma_server_ssl: switch to ruby3.2.

 -- Marc Deslauriers <email address hidden> Fri, 20 Sep 2024 08:30:04 -0400

CVE-2024-45614 Puma is a Ruby/Rack web server built for parallelism. In affected versions clients could clobber values set by intermediate proxies (such as X-Forwar



About   -   Send Feedback to @ubuntu_updates