[ubuntu/noble-security] ruby-rack 2.2.7-1ubuntu0.6 (Accepted)
Bruce Cable
bruce.cable at canonical.com
Wed Feb 25 22:59:13 UTC 2026
ruby-rack (2.2.7-1ubuntu0.6) noble-security; urgency=medium
* SECURITY UPDATE: Directory Traversal Attack
- debian/patches/CVE-2026-22860.patch: Prevent directory traversal
via root prefix bypass
- CVE-2026-22860
* SECURITY UPDATE: XSS Injection
- debian/patches/CVE-2026-25500.patch: Stop XSS injection via malicious
filename in `Rack::Directory`
- CVE-2026-25500
Date: 2026-02-23 04:17:11.919740+00:00
Changed-By: Bruce Cable <bruce.cable at canonical.com>
https://launchpad.net/ubuntu/+source/ruby-rack/2.2.7-1ubuntu0.6
-------------- next part --------------
Sorry, changesfile not available.
More information about the noble-changes
mailing list