[ubuntu/plucky-updates] ruby-rack 2.2.7-1.1ubuntu0.25.04.2 (Accepted)

Wed Jul 23 13:28:16 UTC 2025

ruby-rack (2.2.7-1.1ubuntu0.25.04.2) plucky-security; urgency=medium

  * SECURITY UPDATE: injection vulnerabilities
    - debian/patches/CVE-2025-25184.patch: Escape non-printable
      characters when logging.
    - debian/patches/CVE-2025-27111.patch: Use `#inspect` to prevent log
      injection.
    - CVE-2025-25184
    - CVE-2025-27111
  * SECURITY UPDATE: path traversal vulnerability
    - debian/patches/CVE-2025-27610.patch: Use a fully resolved file
      path when confirming if a file can be served by `Rack::Static`.
    - CVE-2025-27610

Date: 2025-07-22 19:54:11.470442+00:00
Changed-By: Hlib Korzhynskyy <hlib.korzhynskyy at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/ruby-rack/2.2.7-1.1ubuntu0.25.04.2
-------------- next part --------------
Sorry, changesfile not available.