Publishing details

Published on 2020-09-30
Copied from ubuntu bionic in PPA for Ubuntu Security Proposed by Eduardo Barretto

Changelog

ruby-rack (1.6.4-4ubuntu0.2) bionic-security; urgency=medium

  * Merge patches from Debian.
  * SECURITY UPDATE: Directory traversal vulnerability.
    - debian/patches/CVE-2020-8161.patch: Use Dir.entries instead of
      Dir[glob] to prevent user-specified glob metacharacters.
    - CVE-2020-8161
  * SECURITY UPDATE: Cookie forgery.
    - debian/patches/CVE-2020-8184.patch: When parsing cookies, only
      decode the values.
    - CVE-2020-8184

 -- Eduardo Barretto <email address hidden>  Wed, 30 Sep 2020 12:08:48 -0300

Available diffs

diff from 1.6.4-4ubuntu0.1 to 1.6.4-4ubuntu0.2 (1.8 KiB)

Builds

amd64

Built packages

ruby-rack modular Ruby webserver interface

Package files

ruby-rack_1.6.4-4ubuntu0.2.debian.tar.xz (8.0 KiB)
ruby-rack_1.6.4-4ubuntu0.2.dsc (2.3 KiB)
ruby-rack_1.6.4-4ubuntu0.2_all.deb (79.4 KiB)
ruby-rack_1.6.4.orig.tar.gz (226.8 KiB)