[ubuntu/noble-security] ruby-rack 2.2.7-1ubuntu0.3 (Accepted)

Hlib Korzhynskyy hlib.korzhynskyy at canonical.com
Mon May 12 09:05:06 UTC 2025


ruby-rack (2.2.7-1ubuntu0.3) noble-security; urgency=medium

  * SECURITY UPDATE: Race condition with authentication sessions.
    - debian/patches/CVE-2025-32441.patch: Add get_session_with_fallback()
      check and pool.store in ./lib/rack/session/pool.rb.
    - CVE-2025-32441
  * SECURITY UPDATE: Denial of service through large query parameters.
    - debian/patches/CVE-2025-46727.patch: Add query parameter limit and
      bytesize limit and corresponding checks in ./lib/rack/query_parser.rb.
    - CVE-2025-46727

Date: 2025-05-09 17:28:10.908192+00:00
Changed-By: Hlib Korzhynskyy <hlib.korzhynskyy at canonical.com>
https://launchpad.net/ubuntu/+source/ruby-rack/2.2.7-1ubuntu0.3