This bug was fixed in the package ruby-rack - 2.1.4-5ubuntu1.1

---------------
ruby-rack (2.1.4-5ubuntu1.1) jammy-security; urgency=high

  * SECURITY UPDATE: Outstanding CVEs patched upstream (LP: #2078711)
    - Following patches ported from debian bullseye (2.1.4-3+deb11u2)
    - CVE-2024-25126: ReDoS in Content Type header parsing
    - CVE-2024-26141: Reject Range headers which are too large
    - CVE-2024-26146: ReDoS in Accept header parsing
    - CVE-2022-30122: Add patch to restrict broken mime parsing.
    - CVE-2022-30123: Add patch to escape untrusted text when logging.
    - CVE-2022-44570: Add patch to fix ReDoS in Rack::Utils.get_byte_ranges.
    - CVE-2022-44571: Add patch to fix ReDoS vulnerability in multipart parser.
    - CVE-2022-44572: Add patch to forbid control characters in attributes.
    - CVE-2023-27530: Add patch to limit all multipart parts, not just files.
    - CVE-2023-27539: Add patch to avoid ReDoS problem.
  * Build test fix
    [ Bruce Cable <bruce.ca...@canonical.com> ]
    - fix-spec-mock-tests.patch: modifies expected value for build tests to pass

 -- Lissa Moriarty <lissa.moria...@york.ac.uk>  Mon, 02 Sep 2024 15:46:12 +0100

** Changed in: ruby-rack (Ubuntu)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-30122

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-30123

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-44570

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-44571

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-44572

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-27530

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-27539

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-25126

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-26141

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-26146
https://bugs.launchpad.net/bugs/2078711

Title:
  Outstanding CVEs in ruby-rack