-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : ruby-rack Version : 1.5.2-3+deb8u2 CVE ID : CVE-2018-16471 Debian Bug : #913005
It was discovered that there was an XSS vulnerability in the ruby-rack web-server library. A malicious request could impact the HTTP/HTTPS scheme being returned to the underlying application. For Debian 8 "Jessie", this issue has been fixed in ruby-rack version 1.5.2-3+deb8u2. We recommend that you upgrade your ruby-rack packages. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlv1XS0ACgkQHpU+J9Qx HljrGxAAwMsW8RWEM5G7e/TbvMZM2I7UZsRDOTCy2+7F9mo52AttqnAbtuE6B/n8 OPppx3ZTWxuHL0bGSpc+UZBGOXSDnmHNtaFNB8M/rrFtDPuKWXO5dliLtni0+WNr itWgvBOOhCdeAbO4Uix1NM393tw25wP21xY5KCaiROCEhpeK3SgMIIXHkBg0CG8o g8HW8p0KzSLv/fL64G4rfzFzYclNxjs5FI7l1Q1S2Ux6uMAg5ooB0bDW/ZrQOPOS AAA66Q165wlPZeL/sdo3vJpTSvT3ae6Y2Fg83jPQDOXO9265UM4VNaZ/IJMJxo0x hfFyeQk+5cOKUOZ1iufCdteNonVHNr+aQwI35QJbmYnpygeEFWBv6PRCASQFA7VD w1DuR1afJDIos0cl3E7Qaqchan49XMM8DjphEx486vU4ZMprxrxv1OzFV7OjVN/T yNH03MCbKw0S0ADXvQ+XhbwfXoyJoUPsZIDVHqMzc+FqHDif16KLx/Psq49UnxHX E5h1p48bXbgFVe2NxkEZUyb8K3Si3WiLj0UyMOQOvSSPbbQr4A1KbRc4JgyQPqp2 PddFzu5MKfhORJOgToCz/wWXIVvKNK8IHMO4FeT36rCgcSSNKxuAaSo/qCpAuYBd gpZzApW08ZbTN0HP2F+ZjGkNGbbMHiGNLXZyHNecQIjoLrVUSBY= =FO+U -----END PGP SIGNATURE-----