-
puma (6.4.2-4ubuntu4) noble; urgency=medium
* No-change rebuild for CVE-2024-3094
-- William Grant <email address hidden> Mon, 01 Apr 2024 18:17:29 +1100
-
puma (6.4.2-4ubuntu3) noble; urgency=medium
* No-change rebuild against libssl3t64
-- Steve Langasek <email address hidden> Mon, 04 Mar 2024 21:05:58 +0000
-
puma (6.4.2-4ubuntu2) noble; urgency=medium
* No-change upload to remove support of ruby3.1.
-- Lucas Kanashiro <email address hidden> Tue, 20 Feb 2024 15:09:38 -0300
-
puma (6.4.2-4ubuntu1) noble; urgency=medium
* d/p/0018-disable-test-failing-with-ruby3.2.patch: some tests are failing
because they take too long, they do not seem real regressions.
-- Lucas Kanashiro <email address hidden> Wed, 07 Feb 2024 19:16:00 -0300
-
puma (5.6.5-4ubuntu3) noble; urgency=medium
* SECURITY UPDATE: DoS via chunked transfer encoding body parsing
- debian/patches/CVE-2024-21647.patch: limit the size of chunk
extensions in lib/puma/client.rb, test/test_puma_server.rb.
- CVE-2024-21647
-- Marc Deslauriers <email address hidden> Tue, 23 Jan 2024 12:50:14 -0500
-
puma (5.6.5-4ubuntu2) mantic; urgency=medium
* SECURITY UPDATE: HTTP request smuggling issues
- debian/patches/CVE-2023-40175.patch: fix parsing in
lib/puma/client.rb, test/test_puma_server.rb.
- CVE-2023-40175
-- Marc Deslauriers <email address hidden> Fri, 22 Sep 2023 13:01:34 -0400