Format: 1.8
Date: Thu, 05 Mar 2026 14:43:21 +0530
Source: ruby-rack
Built-For-Profiles: noudeb
Architecture: source
Version: 2.1.4-3+deb11u5
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Ruby Team <[email protected]>
Changed-By: Utkarsh Gupta <[email protected]>
Closes: 1128479 1128480
Changes:
 ruby-rack (2.1.4-3+deb11u5) bullseye-security; urgency=high
 .
   * Add patch to fix:
     - CVE-2026-25500: XSS injection via malicious filename in `Rack::Directory`. (Closes: #1128480)
     - CVE-2026-22860: Directory traversal via root prefix bypass in `Rack::Directory`. (Closes: #1128479)
   * Add patch to fix flaky multipart tests that race with EPIPE.
