Change log for ruby-rack package in Ubuntu
ruby-rack (2.2.4-3ubuntu0.2) mantic-security; urgency=medium
  * SECURITY UPDATE: DoS in Multipart MIME parsing code
    - debian/patches/CVE-2023-27530.patch: limit all multipart parts, not just files in README.rdoc, lib/rack/multipart/parser.rb, lib/rack/utils.rb, test/spec_multipart.rb, test/spec_request.rb.
    - CVE-2023-27530
  * SECURITY UPDATE: DoS via crafted content type headers
    - debian/patches/CVE-2024-25126.patch: avoid 2nd degree polynomial regexp in MediaType in lib/rack/media_type.rb.
    - CVE-2024-25126
 -- Marc Deslauriers <email address hidden>  Fri, 14 Jun 2024 13:20:04 -0400
ruby-rack (2.2.7-1ubuntu0.1) noble-security; urgency=medium
  * SECURITY UPDATE: DoS via crafted content type headers
    - debian/patches/CVE-2024-25126.patch: avoid 2nd degree polynomial regexp in MediaType in lib/rack/media_type.rb.
    - CVE-2024-25126
  * SECURITY UPDATE: DoS via crafted Range headers
    - debian/patches/CVE-2024-26141.patch: return an empty array when ranges are too large in lib/rack/utils.rb, test/spec_utils.rb.
    - CVE-2024-26141
  * SECURITY UPDATE: Dos via crafted headers
    - debian/patches/CVE-2024-26146.patch: fix ReDoS in header parsing in lib/rack/utils.rb.
    - CVE-2024-26146
 -- Marc Deslauriers <email address hidden>  Fri, 14 Jun 2024 13:15:36 -0400
ruby-rack (2.2.7-1.1) unstable; urgency=high
  * Non-maintainer upload.
  * CVE-2024-25126: ReDoS in Content Type header parsing
  * CVE-2024-26141: Reject Range headers which are too large
  * CVE-2024-26146: ReDoS in Accept header parsing
  * Closes: #1064516
 -- Adrian Bunk <email address hidden>  Thu, 02 May 2024 22:55:26 +0300
Available diffs
- diff from 2.2.7-1 to 2.2.7-1.1 (2.2 KiB)
ruby-rack (2.2.4-3ubuntu0.1) mantic-security; urgency=medium
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2023-27539.patch: avoid ReDos in lib/rack/request.rb.
    - CVE-2023-27539
  * SECURITY UPDATE: Denial of service
    - debian/parches/CVE-2024-26141.patch: return an empty array when ranges are too large in lib/rack/utils.rb.
    - CVE-2024-26141
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2024-26146.patch: Fixing ReDoS in header parsing in lib/rack/utils.rb.
    - CVE-2024-26146
 -- Leonidas Da Silva Barbosa <email address hidden>  Tue, 05 Mar 2024 13:42:47 -0300
Superseded in oracular-release |
Published in noble-release |
Deleted in noble-proposed (Reason: Moved to noble) |
ruby-rack (2.2.7-1) unstable; urgency=medium
  * Team Upload
  * New upstream version 2.2.7
 -- Pirate Praveen <email address hidden>  Mon, 10 Jul 2023 20:02:41 +0530
Available diffs
- diff from 2.2.4-3 to 2.2.7-1 (5.7 KiB)
Deleted in mantic-proposed (Reason: Synced from experimental, ecosystem not yet ready and blo...) |
ruby-rack (3.0.8-1) experimental; urgency=medium
  * New upstream release.
  * Declare compliance with Debian Policy 4.6.2
  * d/p/skip-random-failure.patch: removed, it does not seem to be failing anymore.
 -- Lucas Kanashiro <email address hidden>  Mon, 26 Jun 2023 17:35:11 -0300
Superseded in mantic-proposed |
ruby-rack (3.0.0-1ubuntu1) mantic; urgency=medium
  * debian/patches/Remove-leading-dot-to-fix-compatibility-with-latest-cgi-gem.patch: compatibility with ruby CGI >= 0.3.5. Closes: #1030442, LP: #2023576.
 -- Steve Langasek <email address hidden>  Mon, 12 Jun 2023 11:33:36 -0700
Superseded in noble-release |
Published in mantic-release |
Published in lunar-release |
Superseded in lunar-release |
Deleted in lunar-proposed (Reason: Moved to lunar) |
ruby-rack (2.2.4-3) unstable; urgency=high
  * Team upload
  * Fix test failures (Closes: #1030442)
  * Fix CVE-2022-44570 CVE-2022-44571 CVE-2022-44572 (Closes: #1029832)
  * Add Breaks for ruby-sinatra
 -- Sruthi Chandran <email address hidden>  Thu, 09 Feb 2023 11:47:17 +0100
Available diffs
- diff from 2.2.4-2 to 2.2.4-3 (2.8 KiB)
ruby-rack (3.0.0-1) experimental; urgency=medium
  * New upstream release.
  * d/p/0002-Make-tests-pass-on-hosts-that-have-no-ipv4-connectiv.patch: delete patch applied by upstream.
  * Refresh patches.
  * d/ruby-rack.docs: install README.md instead of README.rdoc.
  * d/control: add myself to the Uploaders list.
  * Do not install rackup manpage anymore. Remove:
    - d/rackup.1
    - d/ruby-rack.manpages
  * d/control: recommend ruby-rack-session and ruby-rackup.
  * d/t/control: add ruby-rackup as a test dependency of smoke-test.
  * d/t/smoke-test: content-type key needs to be in lowercase.
  * Do not depend on thin to run tests during build and autopkgtest time.
 -- Lucas Kanashiro <email address hidden>  Wed, 09 Nov 2022 17:26:10 -0300
Superseded in lunar-release |
Obsolete in kinetic-release |
Deleted in kinetic-proposed (Reason: Moved to kinetic) |
ruby-rack (2.2.4-2) unstable; urgency=medium
  * Team Upload
  * eliminate lintian warning: ruby-interpreter-is-deprecated
  * eliminate lintian warning: update-debian-copyright
 -- HIGUCHI Daisuke (VDR dai) <email address hidden>  Tue, 09 Aug 2022 11:57:23 +0900
Available diffs
- diff from 2.1.4-5ubuntu1 (in Ubuntu) to 2.2.4-2 (82.5 KiB)
- diff from 2.2.4-1 to 2.2.4-2 (1021 bytes)
ruby-rack (2.2.4-1) unstable; urgency=medium
  * Team Upload
  * New upstream version 2.2.4 (Fixes: CVE-2022-30122, CVE-2022-30123)
  * Bump Standards-Version to 4.6.1 (no changes needed)
 -- Pirate Praveen <email address hidden>  Fri, 01 Jul 2022 11:59:23 +0530
Available diffs
- diff from 2.2.3-4 to 2.2.4-1 (7.2 KiB)
ruby-rack (2.2.3-4) unstable; urgency=medium
  * Add ruby-webrick as an explicit dependency.
    - it's not embedded as of ruby3.0. (:
 -- Utkarsh Gupta <email address hidden>  Mon, 24 Jan 2022 18:45:39 +0530
Superseded in kinetic-release |
Published in jammy-release |
Deleted in jammy-proposed (Reason: Moved to jammy) |
ruby-rack (2.1.4-5ubuntu1) jammy; urgency=medium
  * Add ruby-webrick as an explicit dependency.
    - it's not embedded as of ruby3.0. (:
 -- Utkarsh Gupta <email address hidden>  Mon, 24 Jan 2022 18:59:02 +0530
Available diffs
- diff from 2.1.4-5 (in Debian) to 2.1.4-5ubuntu1 (494 bytes)
ruby-rack (2.1.4-5) unstable; urgency=medium
  * Team upload
  * Switch to gem-install layout for bundle --local compatibility
 -- Pirate Praveen <email address hidden>  Mon, 24 Jan 2022 00:48:23 +0530
Available diffs
- diff from 2.1.4-4 to 2.1.4-5 (449 bytes)
ruby-rack (2.1.4-4) unstable; urgency=medium
  * Team upload
  [ Debian Janitor ]
  * Remove constraints unnecessary since buster
  [ Cédric Boutillier ]
  * Build-depend on ruby-webrick (Closes: #996353)
  * Bump debhelper compatibility level to 13
  * Bump Standards-Version to 4.6.0 (no changes needed)
 -- Cédric Boutillier <email address hidden>  Wed, 17 Nov 2021 11:49:13 +0100
Available diffs
- diff from 2.1.4-3 to 2.1.4-4 (883 bytes)
ruby-rack (2.1.1-5ubuntu0.1) groovy-security; urgency=medium
  * SECURITY UPDATE: Cookie forgery.
    - debian/patches/CVE-2020-8184.patch: When parsing cookies, only decode the values.
    - CVE-2020-8184
 -- Eduardo Barretto <email address hidden>  Thu, 01 Apr 2021 16:20:01 +0200
ruby-rack (2.0.7-2ubuntu0.1) focal-security; urgency=medium
  * SECURITY UPDATE: Directory traversal vulnerability.
    - debian/patches/CVE-2020-8161.patch: Use Dir.entries instead of Dir[glob] to prevent user-specified glob metacharacters.
    - CVE-2020-8161
  * SECURITY UPDATE: Cookie forgery.
    - debian/patches/CVE-2020-8184.patch: When parsing cookies, only decode the values.
    - CVE-2020-8184
 -- Eduardo Barretto <email address hidden>  Thu, 01 Apr 2021 16:04:45 +0200
ruby-rack (1.6.4-3ubuntu0.2) xenial-security; urgency=medium
  * Merge patches from Debian.
  * SECURITY UPDATE: Directory traversal vulnerability.
    - debian/patches/CVE-2020-8161.patch: Use Dir.entries instead of Dir[glob] to prevent user-specified glob metacharacters.
    - CVE-2020-8161
  * SECURITY UPDATE: Cookie forgery.
    - debian/patches/CVE-2020-8184.patch: When parsing cookies, only decode the values.
    - CVE-2020-8184
 -- Eduardo Barretto <email address hidden>  Thu, 01 Apr 2021 12:43:47 +0200
Superseded in jammy-release |
Obsolete in impish-release |
Deleted in impish-proposed (Reason: Moved to impish) |
ruby-rack (2.1.4-3) unstable; urgency=medium
  * Team upload.
  * Fix tests when run on ipv6-only hosts (Closes: #979432)
 -- Antonio Terceiro <email address hidden>  Sat, 27 Feb 2021 09:30:57 -0300
Available diffs
- diff from 2.1.4-2 to 2.1.4-3 (1.6 KiB)
Superseded in impish-release |
Obsolete in hirsute-release |
Deleted in hirsute-proposed (Reason: moved to Release) |
ruby-rack (2.1.4-2) unstable; urgency=medium
  * Revert "Drop all patches"
    - Rack::Builder::parse_file#test_0006_strips leading unicode byte order mark when present still fails in i386 and stuff. Meh, I'll take a look later.
 -- Utkarsh Gupta <email address hidden>  Sun, 03 Jan 2021 17:49:29 +0530
Available diffs
- diff from 2.1.1-5 to 2.1.4-2 (5.4 KiB)
- diff from 2.1.1-6 to 2.1.4-2 (5.3 KiB)
ruby-rack (2.1.1-6) unstable; urgency=medium
  [ Cédric Boutillier ]
  * [ci skip] Update team name
  * [ci skip] Add .gitattributes to keep unwanted files out of the source package
  [ Debian Janitor ]
  * Apply multi-arch hints.
    + ruby-rack: Add :all qualifier for ruby dependency.
  [ Utkarsh Gupta ]
  * When parsing cookies, only decode the values. Patch utils to fix cookie parsing. (Fixes: CVE-2020-8184) (Closes: #963477)
 -- Utkarsh Gupta <email address hidden>  Sat, 02 Jan 2021 17:42:02 +0530
ruby-rack (1.6.4-4ubuntu0.2) bionic-security; urgency=medium
  * Merge patches from Debian.
  * SECURITY UPDATE: Directory traversal vulnerability.
    - debian/patches/CVE-2020-8161.patch: Use Dir.entries instead of Dir[glob] to prevent user-specified glob metacharacters.
    - CVE-2020-8161
  * SECURITY UPDATE: Cookie forgery.
    - debian/patches/CVE-2020-8184.patch: When parsing cookies, only decode the values.
    - CVE-2020-8184
 -- Eduardo Barretto <email address hidden>  Wed, 30 Sep 2020 12:08:48 -0300
Superseded in hirsute-release |
Obsolete in groovy-release |
Deleted in groovy-proposed (Reason: moved to Release) |
ruby-rack (2.1.1-5) unstable; urgency=medium
  * Add patch to use Dir.entries instead of Dir[glob] to prevent user-specified glob metacharacters (Fixes: CVE-2020-8161)
 -- Utkarsh Gupta <email address hidden>  Thu, 21 May 2020 17:06:27 +0530
Available diffs
- diff from 2.1.1-4 to 2.1.1-5 (1.1 KiB)
ruby-rack (2.1.1-4) unstable; urgency=medium
  * Remove ruby-minitest-global-expectations from Depends
  * Add ruby-minitest-global-expectations for tests
 -- Utkarsh Gupta <email address hidden>  Fri, 10 Apr 2020 18:37:00 +0530
Available diffs
- diff from 2.0.7-2 to 2.1.1-4 (94.2 KiB)
Superseded in groovy-release |
Published in focal-release |
Deleted in focal-proposed (Reason: moved to Release) |
ruby-rack (2.0.7-2) unstable; urgency=medium
  * Team upload
  * Re-upload to unstable
  * Add salsa-ci.yml
  * Bump Standards-Version to 4.4.0
  * Bump debhelper-compat to 12
 -- Utkarsh Gupta <email address hidden>  Tue, 03 Sep 2019 00:22:18 +0530
Available diffs
- diff from 2.0.6-3 to 2.0.7-2 (2.3 KiB)
ruby-rack (1.6.4-4ubuntu0.1) bionic-security; urgency=medium
  * SECURITY UPDATE: Crafted requests can impact the data returned by the scheme method on Rack::Request leading to an XSS attack.
    - debian/patches/CVE-2018-16471.patch: whitelist http/https schemes.
    - CVE-2018-16471
 -- Eduardo Barretto <email address hidden>  Tue, 06 Aug 2019 11:20:40 -0300
ruby-rack (1.6.4-3ubuntu0.1) xenial-security; urgency=medium
  * SECURITY UPDATE: Crafted requests can impact the data returned by the scheme method on Rack::Request leading to an XSS attack.
    - debian/patches/CVE-2018-16471.patch: whitelist http/https schemes.
    - CVE-2018-16471
 -- Eduardo Barretto <email address hidden>  Tue, 06 Aug 2019 11:38:00 -0300
Superseded in focal-release |
Obsolete in eoan-release |
Obsolete in disco-release |
Deleted in disco-proposed (Reason: moved to release) |
ruby-rack (2.0.6-3) unstable; urgency=medium
  * Team upload.
  * add Breaks: ruby-sinatra (<< 2), as ruby-sinatra 1.x does not work with ruby-rack 2.
 -- Antonio Terceiro <email address hidden>  Fri, 11 Jan 2019 10:11:26 -0300
Available diffs
- diff from 1.6.4-6 to 2.0.6-3 (161.9 KiB)
- diff from 2.0.6-2 to 2.0.6-3 (507 bytes)
ruby-rack (2.0.6-2) unstable; urgency=medium
  * Team upload
  * Re-upload to unstable
 -- Sruthi Chandran <email address hidden>  Thu, 03 Jan 2019 21:42:53 +0530
Available diffs
- diff from 1.6.4-6 to 2.0.6-2 (161.7 KiB)
ruby-rack (1.6.4-6) unstable; urgency=medium
  * CVE-2018-16471: Prevent a possible XSS vulnerability where a malicious request could impact the HTTP/HTTPS scheme returned to the underlying application. (Closes: #913005)
  * Drop trailing whitespace in debian/changelog.
  * debian/control:
    - Add myself to Uploaders.
    - wrap-and-sort -sa.
  * Use HTTPS URI in debian/copyright.
 -- Chris Lamb <email address hidden>  Wed, 21 Nov 2018 10:44:19 +0100
Available diffs
- diff from 1.6.4-5 to 1.6.4-6 (2.0 KiB)
ruby-rack (1.6.4-5) unstable; urgency=medium
  * Team upload.
  * Update patch due gbp pq workflow
  * Add patch to support multipart filename with + in the name
  * Bump debhelper compatibility level to 11
  * Declare compliance with Debian Policy 4.2.1
  * Remove unnecessary Testsuite field
  * Update VCS urls to point to salsa
  * Use gemwatch.debian.net to track new upstream releases
 -- Lucas Kanashiro <email address hidden>  Thu, 13 Sep 2018 09:15:51 -0300
Available diffs
- diff from 1.6.4-4 to 1.6.4-5 (2.8 KiB)
Superseded in disco-release |
Obsolete in cosmic-release |
Published in bionic-release |
Obsolete in artful-release |
Obsolete in zesty-release |
Obsolete in yakkety-release |
Deleted in yakkety-proposed (Reason: moved to release) |
ruby-rack (1.6.4-4) unstable; urgency=medium
  * Team upload.
  [ Cédric Boutillier ]
  * Use https:// in Vcs-* fields
  * Run wrap-and-sort on packaging files
  [ Christian Hofstaedtler ]
  * Remove uninstallable ruby-memcache-client from test dependencies
  * Bump Standards-Version to 3.9.8
 -- Christian Hofstaedtler <email address hidden>  Wed, 13 Jul 2016 01:59:31 +0200
Available diffs
- diff from 1.6.4-3 to 1.6.4-4 (922 bytes)
Superseded in yakkety-release |
Published in xenial-release |
Deleted in xenial-proposed (Reason: moved to release) |
ruby-rack (1.6.4-3) unstable; urgency=medium
  * Team upload
  * Bump compat. version to 9
  * Update Debian packaging using dh-make-ruby
  * d/control: Update Vcs-* fields (switch to cgit and https everywhere)
    Bump Standards-Version to 3.9.7 (no changes)
    Move to ruby-dalli (memcache-client is deprecated)
    ROM for ruby-memcache-client https://github.com/rack/rack/issues/1025
    Remove librack-ruby* relations (those packages are long gone)
 -- Sebastien Badia <email address hidden>  Thu, 03 Mar 2016 16:24:53 -0300
Available diffs
- diff from 1.6.4-2 to 1.6.4-3 (3.3 KiB)
ruby-rack (1.6.4-2) unstable; urgency=medium
  * Upload to unstable
 -- Antonio Terceiro <email address hidden>  Sat, 12 Dec 2015 16:08:31 -0200
Available diffs
- diff from 1.5.2-4 to 1.6.4-2 (68.6 KiB)
ruby-rack (1.5.2-3+deb8u1build0.15.04.1) vivid-security; urgency=medium
  * fake sync from Debian
Superseded in xenial-release |
Obsolete in wily-release |
Deleted in wily-proposed (Reason: moved to release) |
ruby-rack (1.5.2-4) unstable; urgency=medium
  * Add patch: Fix upstream Issue 631 - uninitialized constant Rack::Response::BodyProxy
  * Create cherry-picked patch for Security Fix (Closes: #789311)
    - CVE-2015-3225: 1-4-deep_params.patch
 -- Youhei SASAKI <email address hidden>  Wed, 29 Jul 2015 17:32:29 +0900
Available diffs
- diff from 1.5.2-3 to 1.5.2-4 (1.9 KiB)
Superseded in wily-release |
Obsolete in vivid-release |
Deleted in vivid-proposed (Reason: moved to release) |
ruby-rack (1.5.2-3) unstable; urgency=medium
  * add myself to Uploaders:
  * debian/ruby-tests.rake: run all tests instead of a subset of them
  * debian/tests/control: add a gem2deb-test-runner test
 -- Antonio Terceiro <email address hidden>  Fri, 17 Oct 2014 09:41:28 -0300
Available diffs
- diff from 1.5.2-2 to 1.5.2-3 (1.2 KiB)
Superseded in vivid-release |
Obsolete in utopic-release |
Deleted in utopic-proposed (Reason: moved to release) |
ruby-rack (1.5.2-2) unstable; urgency=medium
  * Team upload.
  * Rebuild with recent gem2deb to make package visible to Rubygems on all Ruby interpreters
  * Drop transitional packages
  * Add autopkgtest smoke test
 -- Antonio Terceiro <email address hidden>  Thu, 24 Jul 2014 19:24:55 -0300
ruby-rack (1.5.2-1build1) utopic; urgency=medium
  * No-change rebuild to update the Ruby-Version attribute.
 -- Matthias Klose <email address hidden>  Wed, 30 Apr 2014 12:04:53 +0000
Available diffs
- diff from 1.5.2-1 (in Debian) to 1.5.2-1build1 (320 bytes)
Superseded in utopic-release |
Published in trusty-release |
Obsolete in saucy-release |
Deleted in saucy-proposed (Reason: moved to release) |
ruby-rack (1.5.2-1) unstable; urgency=low
  * Team upload.
  [ Cédric Boutillier ]
  * debian/control: remove obsolete DM-Upload-Allowed flag
  * use canonical URI in Vcs-* fields
  [ Christian Hofstaedtler ]
  * New upstream release.
  * Removed all patches, already applied upstream.
 -- Christian Hofstaedtler <email address hidden>  Mon, 03 Jun 2013 15:56:09 +0200
Available diffs
- diff from 1.4.1-2.1 to 1.5.2-1 (67.0 KiB)
ruby-rack (1.4.1-2.1) unstable; urgency=high
  [ KURASHIKI Satoru ]
  * Non-maintainer upload.
  * Create cherry-picked patches for Security Fix (Closes: #700173 #700226).
    - CVE-2013-0262: 0004-Prevent-symlink-path-traversals.patch
    - CVE-2013-0263: 0005-Use-secure_compare-for-hmac-comparison.patch
  [ Youhei SASAKI ]
  * Create cherry-picked patches for Security Fix (Closes: #698440).
    - CVE-2012-6109: 0001-Fix-parsing-performance-for-unquoted-filenames.patch
    - CVE-2013-0183: 0002-multipart-parser-avoid-unbounded-gets-method.patch
    - CVE-2013-0184: 0003-Reimplement-auth-scheme-fix.patch
 -- KURASHIKI Satoru <email address hidden>  Wed, 20 Feb 2013 20:56:31 +0900
Available diffs
- diff from 1.4.1-2 to 1.4.1-2.1 (5.3 KiB)
ruby-rack (1.4.1-2) unstable; urgency=low
  * Bump build dependency on gem2deb to >= 0.3.0~
 -- Antonio Terceiro <email address hidden>  Mon, 25 Jun 2012 15:07:51 -0300
Available diffs
- diff from 1.4.1-1 to 1.4.1-2 (642 bytes)
ruby-rack (1.4.1-1) unstable; urgency=low
  * New Upstream version 1.4.1
  * Bump standard version: 3.9.3
  * Add Build-Depends: rake, bacon, ruby-memcache-client, thin
  * Add d/s/local-options: Update patch handling
  * Update ruby-tests.rb to ruby-tests.rake: running full test
 -- Youhei SASAKI <email address hidden>  Wed, 07 Mar 2012 01:00:16 +0900
Available diffs
- diff from 1.4.0-1 to 1.4.1-1 (9.6 KiB)
ruby-rack (1.4.0-1) unstable; urgency=low
  * New upstream release (closes: #653963).
 -- Paul van Tilburg <email address hidden>  Tue, 03 Jan 2012 22:39:13 +0100
Available diffs
- diff from 1.3.5-1 (in Ubuntu) to 1.4.0-1 (31.0 KiB)
ruby-rack (1.3.5-1) unstable; urgency=low
  * New upstream release.
  * Fix my email address.
  * Fix priority of transitional packages.
  * TESTS ARE DISABLED: many dependencies required for tests are not packaged yet.
 -- Ubuntu Archive Auto-Sync <email address hidden>  Tue, 03 Jan 2012 02:35:42 +0000
Available diffs
- diff from 1.3.1-1 to 1.3.5-1 (7.4 KiB)
ruby-rack (1.3.1-1) unstable; urgency=low
  * New upstream release: 1.3.1
  * Bump Standard version: 3.9.2
  * Add me to Uploaders
  * Add ruby-bacon to Build-Depends
  * Add manpage for rackup Closes: #606910
    - Thanks to Glido Fiorito <email address hidden>