Processed: bookworm-pu: package puma/5.6.5-3+deb12u1
Debian Bug Tracking System
2024-12-31 14:20:01 UTC
affects -1 + src:puma
Bug #1091795 [release.debian.org] bookworm-pu: package puma/5.6.5-3+deb12u1
Added indication that 1091795 affects src:puma
--
1091795: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1091795
Debian Bug Tracking System
Contact ***@bugs.debian.org with problems
Adam D. Barratt
2025-01-02 21:10:01 UTC
Control: tags -1 + confirmed
As a Ruby team member I would like to do an update of this package in
stable to fix CVE-2023-40175, CVE-2024-21647 and CVE-2024-45614.
Please go ahead.

Regards,

Adam
Debian Bug Tracking System
2025-01-02 21:10:01 UTC
Post by Adam D. Barratt
tags -1 + confirmed
Bug #1091795 [release.debian.org] bookworm-pu: package puma/5.6.5-3+deb12u1
Added tag(s) confirmed.
--
1091795: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1091795
Debian Bug Tracking System
Contact ***@bugs.debian.org with problems
Jonathan Wiltshire
2025-02-01 21:50:02 UTC
package release.debian.org
tags 1091795 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==============

Package: puma
Version: 5.6.5-3+deb12u1

Explanation: fix behaviour when parsing chunked transfer encoding bodies and zero-length Content-Length headers [CVE-2023-40175]; limit size of chunk extensions [CVE-2024-21647]; prevent manipulation of headers set by intermediate proxies [CVE-2024-45614]