[ubuntu/resolute-proposed] ruby-rack 3.2.4-1ubuntu1 (Accepted)

Bruce Cable bruce.cable at canonical.com
Thu Feb 26 14:52:14 UTC 2026


ruby-rack (3.2.4-1ubuntu1) resolute; urgency=medium

  * SECURITY UPDATE: Directory Traversal Attack
    - debian/patches/CVE-2026-22860.patch: Prevent directory traversal
      via root prefix bypass
    - CVE-2026-22860
  * SECURITY UPDATE: XSS Injection
    - debian/patches/CVE-2026-25500.patch: Stop XSS injection via malicious
      filename in `Rack::Directory`
    - CVE-2026-25500

Date: Thu, 26 Feb 2026 10:02:46 +1100
Changed-By: Bruce Cable <bruce.cable at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/ruby-rack/3.2.4-1ubuntu1
-------------- next part --------------
Format: 1.8
Date: Thu, 26 Feb 2026 10:02:46 +1100
Source: ruby-rack
Built-For-Profiles: noudeb
Architecture: source
Version: 3.2.4-1ubuntu1
Distribution: resolute
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Bruce Cable <bruce.cable at canonical.com>
Changes:
 ruby-rack (3.2.4-1ubuntu1) resolute; urgency=medium
 .
   * SECURITY UPDATE: Directory Traversal Attack
     - debian/patches/CVE-2026-22860.patch: Prevent directory traversal
       via root prefix bypass
     - CVE-2026-22860
   * SECURITY UPDATE: XSS Injection
     - debian/patches/CVE-2026-25500.patch: Stop XSS injection via malicious
       filename in `Rack::Directory`
     - CVE-2026-25500
Original-Maintainer: Debian Ruby Team <pkg-ruby-extras-maintainers at lists.alioth.debian.org>

