-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 3.0 (quilt) Source: ruby-rack Binary: ruby-rack Architecture: all Version: 1.5.2-3+deb8u1 Maintainer: Debian Ruby Extras Maintainers <[email protected]> Uploaders: Lucas Nussbaum <[email protected]>, Youhei SASAKI <[email protected]>, Paul van Tilburg <[email protected]>, Antonio Terceiro <[email protected]> Homepage: http://rack.rubyforge.org Standards-Version: 3.9.6 Vcs-Browser: http://anonscm.debian.org/gitweb?p=pkg-ruby-extras/ruby-rack.git;a=summary Vcs-Git: git://anonscm.debian.org/pkg-ruby-extras/ruby-rack.git Testsuite: autopkgtest Build-Depends: debhelper (>= 7.0.50~), gem2deb (>= 0.3.0~), rake, ruby-bacon, ruby-memcache-client, thin Package-List: ruby-rack deb ruby optional arch=all Checksums-Sha1: e679e7a3f09007e836f465d70971216fdb4ec7cd 218461 ruby-rack_1.5.2.orig.tar.gz d02386b87622eaf4c8aae7b64dfef0fd16c01874 7212 ruby-rack_1.5.2-3+deb8u1.debian.tar.xz Checksums-Sha256: fd4fbd6545f9105baf62b6ea413b62d4724567c608b14de0a3a64568f81cc774 218461 ruby-rack_1.5.2.orig.tar.gz 56b5a29247dd9748a632187bb75c7279fdec81e27f660f45c8699688e973b977 7212 ruby-rack_1.5.2-3+deb8u1.debian.tar.xz Files: 84f6d82d041470c5c338ea06d7a01012 218461 ruby-rack_1.5.2.orig.tar.gz 1da39eb245aef6045ea76697a2f89125 7212 ruby-rack_1.5.2-3+deb8u1.debian.tar.xz Ruby-Versions: all -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJVumLwAAoJEAVMuPMTQ89E64cP/1+p3Bq/FCN+rBlkO8bv1IT2 Y4AD1j7kr7Rdq/wMlUxCJA2sO8t3OTA7RD97Imw/3QjRzLBM1FoeUfl7RoRp7G3I 3NCCmvqvwgyhFQDPwEixz7uZsFsHNt9xuObRwvhCpQJf2MtVNvtE3nTmVpHxaTUb 9oSnqjz2syuTVLglorhbCXIjNbNQht0gytyCjbIHYVuqFCqzLrAYRvtC/W63a7JB WYivEhNkAB2nb04NS1zEdSoQzGPIbPSZ/TtWrjR3+x42UsGWx8G+QLcGkhJ8b5LU F5WgFbj31Rb9lWkro6r5L+rDNpDp0XG3p0I8sUbTmFEdN5sc4MIaGQASsoy757+6 UVoR8+EYxtpL1/XcbDYxLclls0bHDxBrqKfP+AQ8zvyLCsi64xnMnlgFLjB0SpQd Qe0DRQ2JkIglUDBngY/BGZfQ02ePxooDUFUBxMSY3Iig4umRVuwNreR86agmciL6 0OptNdREm+nj89b8cDClgPNQuzRfG13400J0bBwZ4UqPAEEF4VHpCTO6ZwfEP4u8 dUu7laih5/Ztf5Xcqglw9hqK+N58DyVs/Avjy0YnrFjWmRyEGKOTYrxcKYUXy8bW H6vxO9i+FDGX2ZzDL9G0DdCloaLxOzhP8Md6Z3tZQJ4ujGj9SH29dUTzTPwxUpGx hlZkqg39JvXwBoHxFEC1 =PoD+ -----END PGP SIGNATURE----- Changes: ruby-rack (1.5.2-3+deb8u1) jessie-security; urgency=high * Create cherry-picked patch for Security Fix (Closes: #789311). - CVE-2015-3225: 0001-Fix-Params_Depth.patch Default depth at which the parameter parser will raise an exception for being too deep, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth. * Add 0002-Add-missing-require-to-response.rb.patch. Add missing require of rack/body_proxy in response.rb -- Youhei SASAKI <[email protected]> Wed, 29 Jul 2015 17:12:00 +0900
