-
puma (5.6.5-3ubuntu1.2) lunar-security; urgency=medium
* SECURITY UPDATE: DoS via chunked transfer encoding body parsing
- debian/patches/CVE-2024-21647.patch: limit the size of chunk
extensions in lib/puma/client.rb, test/test_puma_server.rb.
- CVE-2024-21647
-- Marc Deslauriers <email address hidden> Tue, 23 Jan 2024 12:53:05 -0500
-
puma (5.6.5-3ubuntu1.1) lunar-security; urgency=medium
* SECURITY UPDATE: HTTP request smuggling issues
- debian/patches/CVE-2023-40175.patch: fix parsing in
lib/puma/client.rb, test/test_puma_server.rb.
- CVE-2023-40175
-- Marc Deslauriers <email address hidden> Fri, 22 Sep 2023 13:03:47 -0400
-
puma (5.6.5-3ubuntu1) lunar; urgency=medium
* Merge with Debian unstable. Remaining changes:
- Fix autopkgtest regressions on multiple architectures
(LP #1916954, #1906307)
+ d/p/skip-tests-hanging-on-different-arches.patch: this is a
workaround for now. The discussion with the Debian maintainer is
ongoing.
- d/p/skip-integration-tests-failing-in-ubuntu-autopkgtest-env.patch:
some tests are failing only in autopkgtest and need further
investigation.
* Dropped:
- d/p/fix-ssl-test.patch: Fix FTBFS against OpenSSL 3.
[Applied by upstream in version 5.6.0]
* Added:
- d/ruby-tests.rake: skip flaky tests in Ubuntu.
Some of them are executed in parallel and they try to start and stop
the puma server multiple times which is causing a race condition.
-- Lucas Kanashiro <email address hidden> Fri, 17 Feb 2023 09:45:23 -0300
-
puma (5.5.2-2ubuntu4) lunar; urgency=medium
* No-change upload to remove support for ruby3.0.
-- Lucas Kanashiro <email address hidden> Fri, 03 Feb 2023 12:43:47 -0300
-
puma (5.5.2-2ubuntu3) lunar; urgency=medium
* No-change upload to add support for ruby3.1.
-- Lucas Kanashiro <email address hidden> Tue, 24 Jan 2023 12:11:39 -0300
-
puma (5.5.2-2ubuntu2) jammy; urgency=medium
* No-change upload due to ruby3.0 transition, remove ruby2.7 support.
-- Lucas Kanashiro <email address hidden> Fri, 03 Dec 2021 18:17:16 -0300