-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : ruby-rack-cors Version : 0.2.9-1+deb8u1 CVE ID : CVE-2019-18978
This package allowed ../ directory traversal to access private resources because resource matching did not ensure that pathnames were in a canonical format. For Debian 8 "Jessie", this problem has been fixed in version 0.2.9-1+deb8u1. We recommend that you upgrade your ruby-rack-cors packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEKpwfR8DOwu5vyB4TKpJZkldkSvoFAl47tdIACgkQKpJZkldk SvrsJg/8CYbJp+/ZhDWCFJbiEvkv3gJqgTVsAQCGn1GBtdbmdr4DvN9aa+QdCkJM 0D9kGvTGeuwHs6Porc4C7oS1g9w5sD9nhnBcQ8xZ92m4Ja0uEeX5JS9wBPQYfyVY c5//vOvc2S/fLzFN0YD3kyC51/zhoeBqyVPXgkHWrpYNcpMC4K4RWWUlcfDWno/X djvkGF7a/DHR+5+kGlWfXc3pYZeEBO/swyXlYH66iBU5K/ah+yPlBFcf/xEHP2VB vy1bJ57hv/KAQjtj57bA/RMQbWvbEozvHV87Ebfr54P2OtbHGMJYpYG70hki/eIX nmhWMS3DW+mdUiXeSkWPEuAGr8qaQ+/PN5xhlfPjpz1qpcuECGDX8FPM+om0KyJh CR/YeQzwf8CGWhmAE+aXQ2SSpBU3JxN1P8vKWEbuTCR1W8SduOQZB/v1O+q03+O9 ez2Zz2u0/0mfkL2/kvheSjO4p7SpbUpPaN5nFvFKrfaRRQNIc0z6MV4qvIAAsoPw xzu6XWiKLCuH5JNx3H34KMPK3Qxvq7D+q7bJ5KE5iW64eG8pM8viCVfJJ5fHTgJS SSjmmPBruWbOfI4riWxM/UyBudsuUr4fx0xTkWDt5jjCxtAQyt8PlMt7mzhwzwnu 94oJQJc4fM7utykQXqXVpx3zGo1ydvrrOpLlgbCMXvxt4OKs7Kw= =Z7J3 -----END PGP SIGNATURE-----