Hi Eduardo,

Many thanks for releasing this on the PPA. We've installed the package on one of our dev systems and checked that it has installed cleanly and is operating normally.
I have been able to positively verify the logging fix for REQUEST_METHOD eliminates the problematic behaviour (i.e. nonprintable characters now get correctly escaped in the logs) and for the byte range limit (i.e. combined byte ranges exceeding the file size return Byte range unsatisfiable).

Most of the CVEs are ReDoS for which I couldn't locate test exploit code to positively verify the fix.

--
https://bugs.launchpad.net/bugs/2078711
Title: Outstanding CVEs in ruby-rack
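
The two behaviours verified in the message above, sketched in plain Ruby as an added example. It is not part of the original message and not Rack's own code; the helper names, the \xNN escape format and the sample inputs are assumptions made for illustration.

```ruby
# Added illustration; helper names are hypothetical, not Rack's API.

# Escape every byte outside printable ASCII so a logged field (such as
# REQUEST_METHOD) cannot start a new log line or emit terminal control codes.
def escape_log_field(value)
  value.to_s.b.gsub(/[^\x20-\x7e]/n) { |c| format('\\x%02x', c.ord) }
end

# Parse a Range header ("bytes=a-b,c-d") for a file of `size` bytes.
# Returns the ranges to serve, or nil when the request is unsatisfiable,
# which includes the case where the ranges together exceed the file size.
def satisfiable_ranges(header, size)
  m = /\Abytes=(.*)\z/.match(header.to_s) or return nil
  ranges = m[1].split(',').map do |spec|
    s = /\A\s*(\d*)-(\d*)\s*\z/.match(spec) or return nil
    first, last = s[1], s[2]
    if first.empty?
      return nil if last.empty?            # "-" alone is malformed
      start = [size - last.to_i, 0].max    # suffix form: last N bytes
      stop = size - 1
    else
      start = first.to_i
      stop = last.empty? ? size - 1 : [last.to_i, size - 1].min
    end
    next nil if start > stop               # drop a range past end of file
    start..stop
  end.compact
  return nil if ranges.empty?
  # Combined-size limit: overlapping or repeated ranges must not make the
  # server send more bytes than the file contains.
  return nil if ranges.sum(&:size) > size
  ranges
end

if __FILE__ == $0
  # Constructed sample inputs.
  puts escape_log_field("GET\n127.0.0.1 forged\e[31m")
  ["bytes=0-99", "bytes=0-499,500-999", "bytes=0-999,0-999"].each do |h|
    r = satisfiable_ranges(h, 1000)
    puts "#{h}: #{r ? r.inspect : 'Byte range unsatisfiable'}"
  end
end
```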