Format: 1.8
Date: Thu, 01 Apr 2021 12:43:47 +0200
Source: ruby-rack
Binary: ruby-rack
Architecture: all
Version: 1.6.4-3ubuntu0.2
Distribution: xenial
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Eduardo Barretto
Description:
 ruby-rack - modular Ruby webserver interface
Changes:
 ruby-rack (1.6.4-3ubuntu0.2) xenial-security; urgency=medium
 .
   * Merge patches from Debian.
   * SECURITY UPDATE: Directory traversal vulnerability.
     - debian/patches/CVE-2020-8161.patch: Use Dir.entries instead of
       Dir[glob] to prevent user-specified glob metacharacters.
     - CVE-2020-8161
   * SECURITY UPDATE: Cookie forgery.
     - debian/patches/CVE-2020-8184.patch: When parsing cookies, only
       decode the values.
     - CVE-2020-8184
Checksums-Sha1:
 5cb1f0cd128ad3fb18c7606d10e07ee8660d4dab 81650 ruby-rack_1.6.4-3ubuntu0.2_all.deb
Checksums-Sha256:
 18d72bc0a49f76fed8a736f109e4781c4ee0cb64627068d7a1414d57363cb6e2 81650 ruby-rack_1.6.4-3ubuntu0.2_all.deb
Files:
 9d48ecea246a52e8aa602b7bd0342304 81650 ruby optional ruby-rack_1.6.4-3ubuntu0.2_all.deb
Original-Maintainer: Debian Ruby Extras Maintainers