Package "ruby-rack"
Name: |
ruby-rack
|
Description: |
modular Ruby webserver interface
|
Latest version: |
2.2.7-1.1ubuntu0.2 |
Release: |
oracular (24.10) |
Level: |
updates |
Repository: |
main |
Homepage: |
https://rack.github.io/ |
Links
Download "ruby-rack"
Other versions of "ruby-rack" in Oracular
Changelog
ruby-rack (2.2.7-1.1ubuntu0.2) oracular-security; urgency=medium
* SECURITY UPDATE: Race condition with authentication sessions.
- debian/patches/CVE-2025-32441.patch: Add get_session_with_fallback()
check and pool.store in ./lib/rack/session/pool.rb.
- CVE-2025-32441
* SECURITY UPDATE: Denial of service through large query parameters.
- debian/patches/CVE-2025-46727.patch: Add query parameter limit and
bytesize limit and corresponding checks in ./lib/rack/query_parser.rb.
- CVE-2025-46727
-- Hlib Korzhynskyy <email address hidden> Thu, 08 May 2025 15:33:25 -0230
|
Source diff to previous version |
CVE-2025-32441 |
Rack is a modular Ruby web server interface. Prior to version 2.2.14, when using the `Rack::Session::Pool` middleware, simultaneous rack requests can |
CVE-2025-46727 |
Rack is a modular Ruby web server interface. Prior to versions 2.2.14, 3.0.16, and 3.1.14, `Rack::QueryParser` parses query strings and `application/ |
|
ruby-rack (2.2.7-1.1ubuntu0.1) oracular-security; urgency=medium
* SECURITY UPDATE: injection vulnerabilities
- debian/patches/CVE-2025-25184.patch: Escape non-printable
characters when logging.
- debian/patches/CVE-2025-27111.patch: Use `#inspect` to prevent log
injection.
- CVE-2025-25184
- CVE-2025-27111
* SECURITY UPDATE: path traversal vulnerability
- debian/patches/CVE-2025-27610.patch: Use a fully resolved file
path when confirming if a file can be served by `Rack::Static`.
- CVE-2025-27610
-- Shishir Subedi <email address hidden> Fri, 14 Mar 2025 13:51:48 +0545
|
CVE-2025-25184 |
Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.11, 3.0.12, and 3.1.10, Rack::CommonLogger can be exploited |
CVE-2025-27111 |
Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacke |
CVE-2025-27610 |
Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.13, 3.0.14, and 3.1.12, `Rack::Static` can serve files unde |
|
About
-
Send Feedback to @ubuntu_updates