-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 29 Jan 2025 07:26:33 +0530
Source: puma
Architecture: source
Version: 5.6.5-3+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Debian Ruby Team <pkg-ruby-extras-maintainers@lists.alioth.debian.org>
Changed-By: Abhijith PA <abhijith@debian.org>
Closes: 1050079 1060345 1082379
Changes:
 puma (5.6.5-3+deb12u1) bookworm; urgency=medium
 .
   * Team upload
   * d/patches/
     + CVE-2023-40175.patch: Fix CVE-2023-40175, incorrect behavior when
       parsing chunked transfer encoding bodies and zero-length
       Content-Length headers in a way that allowed HTTP request
       smuggling. (Closes: #1050079)
 .
     + CVE-2024-21647.patch: Fix CVE-2024-21647 by limiting the size of
       chunk extensions. (Closes: #1060345)
 .
     + CVE-2024-45614.patch: Fix CVE-2024-45614, clients could clobber
       values set by intermediate proxies (such as X-Forwarded-For) by
       providing an underscore version of the same header.
       (Closes: #1082379)
Checksums-Sha1:
831629bb245b57fc42af81b05f8747706e8c083d 2128 puma_5.6.5-3+deb12u1.dsc
1669453294e4ae65dfb9c0f375934cecac74d48f 13800 puma_5.6.5-3+deb12u1.debian.tar.xz
9b4c7c4f6dc6aa8b3248aee6d28fe90f8d672116 9866 puma_5.6.5-3+deb12u1_amd64.buildinfo
Checksums-Sha256:
a1d80a95ba9ab81a1b7ad4fa0a7b4348ae93176ad055497ddfd092c42aeac143 2128 puma_5.6.5-3+deb12u1.dsc
b491302c82cabcd6b3f76fa6f5d979a13507944ff9b22e874683a673d575b0dc 13800 puma_5.6.5-3+deb12u1.debian.tar.xz
a82d45e985310952220ea0fbf212cd44a8aff4fff53573428a1448e800a5f00b 9866 puma_5.6.5-3+deb12u1_amd64.buildinfo
Files:
a90189d93a44cc943c732d95ab8dcee6 2128 web optional puma_5.6.5-3+deb12u1.dsc
a2ecb0c7b47e3f830b2e026d5ff461c5 13800 web optional puma_5.6.5-3+deb12u1.debian.tar.xz
be48458b45cfe658cf1c697e0739a52e 9866 web optional puma_5.6.5-3+deb12u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----