Publishing details

Published on 2021-04-06
Copied from ubuntu xenial in PPA for Ubuntu Security Proposed by Eduardo Barretto

Changelog

ruby-rack (1.6.4-3ubuntu0.2) xenial-security; urgency=medium

  * Merge patches from Debian.
  * SECURITY UPDATE: Directory traversal vulnerability.
    - debian/patches/CVE-2020-8161.patch: Use Dir.entries instead of
      Dir[glob] to prevent user-specified glob metacharacters.
    - CVE-2020-8161
  * SECURITY UPDATE: Cookie forgery.
    - debian/patches/CVE-2020-8184.patch: When parsing cookies, only
      decode the values.
    - CVE-2020-8184

 -- Eduardo Barretto <email address hidden>  Thu, 01 Apr 2021 12:43:47 +0200

Available diffs

diff from 1.6.4-3ubuntu0.1 to 1.6.4-3ubuntu0.2 (1.8 KiB)

Builds

amd64

Built packages

ruby-rack modular Ruby webserver interface

Package files

ruby-rack_1.6.4-3ubuntu0.2.debian.tar.xz (7.9 KiB)
ruby-rack_1.6.4-3ubuntu0.2.dsc (2.2 KiB)
ruby-rack_1.6.4-3ubuntu0.2_all.deb (79.7 KiB)
ruby-rack_1.6.4.orig.tar.gz (226.8 KiB)