-
ruby-rack (1.6.4-4ubuntu0.2) bionic-security; urgency=medium
* Merge patches from Debian.
* SECURITY UPDATE: Directory traversal vulnerability.
- debian/patches/CVE-2020-8161.patch: Use Dir.entries instead of
Dir[glob] to prevent user-specified glob metacharacters.
- CVE-2020-8161
* SECURITY UPDATE: Cookie forgery.
- debian/patches/CVE-2020-8184.patch: When parsing cookies, only
decode the values.
- CVE-2020-8184
-- Eduardo Barretto <email address hidden> Wed, 30 Sep 2020 12:08:48 -0300
-
ruby-rack (1.6.4-4ubuntu0.1) bionic-security; urgency=medium
* SECURITY UPDATE: Crafted requests can impact the data returned by the scheme
method on Rack::Request leading to an XSS attack.
- debian/patches/CVE-2018-16471.patch: whitelist http/https schemes.
- CVE-2018-16471
-- Eduardo Barretto <email address hidden> Tue, 06 Aug 2019 11:20:40 -0300
-
ruby-rack (1.6.4-4) unstable; urgency=medium
* Team upload.
[ Cédric Boutillier ]
* Use https:// in Vcs-* fields
* Run wrap-and-sort on packaging files
[ Christian Hofstaedtler ]
* Remove uninstallable ruby-memcache-client from test dependencies
* Bump Standards-Version to 3.9.8
-- Christian Hofstaedtler <email address hidden> Wed, 13 Jul 2016 01:59:31 +0200