[ubuntu/noble-security] ruby-rack 2.2.7-1ubuntu0.5 (Accepted)
Shishir Subedi
shishirsub10 at gmail.com
Thu Jan 15 00:44:26 UTC 2026
ruby-rack (2.2.7-1ubuntu0.5) noble-security; urgency=medium
  * SECURITY UPDATE: Denial of service
    - d/p/CVE-2025-61770-and-CVE-2025-61772.patch: Enforce a size limit for
      the preamble and multipart mime part header
    - d/p/CVE-2025-61771.patch: Limit amount of retained data when parsing
      multipart requests
    - CVE-2025-61770
    - CVE-2025-61772
    - CVE-2025-61771
  * SECURITY UPDATE: Information disclosure using proxy bypass
    - debian/patches/CVE-2025-61780.patch: Fix handling of proxy headers
      (`HTTP_X_SENDFILE_TYPE` and `HTTP_X_ACCEL_MAPPING`) in Rack::Sendfile
    - CVE-2025-61780
  * SECURITY UPDATE: Denial of service through memory exhaustion
    - debian/patches/CVE-2025-61919.patch: Enforce form parameter limit
      using `query_parser.bytesize_limit` preventing unbounded read of
      `application/x-www-form-urlencoded` bodies
    - CVE-2025-61919
Date: 2026-01-14 04:04:12.082296+00:00
Changed-By: Shishir Subedi <shishirsub10 at gmail.com>
https://launchpad.net/ubuntu/+source/ruby-rack/2.2.7-1ubuntu0.5