-
ruby-rack (1.6.4-3ubuntu0.2) xenial-security; urgency=medium
  * Merge patches from Debian.
  * SECURITY UPDATE: Directory traversal vulnerability.
    - debian/patches/CVE-2020-8161.patch: Use Dir.entries instead of
      Dir[glob] to prevent user-specified glob metacharacters.
    - CVE-2020-8161
  * SECURITY UPDATE: Cookie forgery.
    - debian/patches/CVE-2020-8184.patch: When parsing cookies, only
      decode the values.
    - CVE-2020-8184
-- Eduardo Barretto <email address hidden> Thu, 01 Apr 2021 12:43:47 +0200
-
ruby-rack (1.6.4-3ubuntu0.1) xenial-security; urgency=medium
  * SECURITY UPDATE: Crafted requests can impact the data returned by the scheme
    method on Rack::Request leading to an XSS attack.
    - debian/patches/CVE-2018-16471.patch: whitelist http/https schemes.
    - CVE-2018-16471
-- Eduardo Barretto <email address hidden> Tue, 06 Aug 2019 11:38:00 -0300
-
ruby-rack (1.6.4-3) unstable; urgency=medium
  * Team upload
  * Bump compat. version to 9
  * Update Debian packaging using dh-make-ruby
  * d/control:
    Update Vcs-* fields (switch to cgit and https everywhere)
    Bump Standards-Version to 3.9.7 (no changes)
    Move to ruby-dalli (memcache-client is deprecated)
    ROM for ruby-memcache-client
    https://github.com/rack/rack/issues/1025
    Remove librack-ruby* relations (those packages are long gone)
-- Sebastien Badia <email address hidden> Thu, 03 Mar 2016 16:24:53 -0300
-
ruby-rack (1.6.4-2) unstable; urgency=medium
  * Upload to unstable
-- Antonio Terceiro <email address hidden> Sat, 12 Dec 2015 16:08:31 -0200
-
ruby-rack (1.5.2-4) unstable; urgency=medium
  * Add patch: Fix upstream Issue 631
    - uninitialized constant Rack::Response::BodyProxy
  * Create cherry-picked patch for Security Fix (Closes: #789311)
    - CVE-2015-3225: 1-4-deep_params.patch
-- Youhei SASAKI <email address hidden> Wed, 29 Jul 2015 17:32:29 +0900