-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ----------------------------------------------------------------------- Debian LTS Advisory DLA-2389-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta October 01, 2020 https://wiki.debian.org/LTS - -----------------------------------------------------------------------
Package : ruby-rack-cors Version : 0.4.0-1+deb9u2 CVE ID : CVE-2019-18978 Debian Bug : 944849 This package allowed ../ directory traversal to access private resources because resource matching did not ensure that pathnames were in a canonical format. For Debian 9 stretch, this problem has been fixed in version 0.4.0-1+deb9u2. We recommend that you upgrade your ruby-rack-cors packages. For the detailed security status of ruby-rack-cors please refer to its security tracker page at: https://security-tracker.debian.org/tracker/ruby-rack-cors Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAl91yNkACgkQgj6WdgbD S5YjpA//SG8OZ3YwH0G1rWF94AhYmAvF7zyh3b0GOH+QJVIzL4VaMrEPVfxJizDu XjyY7pv1a7gmV5yuo8VBD5VartNRtqyaS2/M4/HjSWtKEGlNkCcWKgJ/R15X934y /GO88t76fDiibk/FlUGfWSHM/X/zen/0fB4kDnTIN6oM87vXpTIkapdheCEGabKv TEut0suGIXpoEbLQ/B8R3l9lbq0h0rwq3O2JvuFbhIDxrCQ8uidGXkHm3ZpHE3b3 j84dXRBWivS/8QXjRe01Mgk2WuAh+h78RClWR3z6+TVTOtYriXeA8CV3ck6eVfIT tqINLmn86ov3nXE6YovWT1BLDG0KNQ+WRk2D41iQehKOuZBw2HgDzGuiOqPUqfiU XQkUDSeZ4ZBP37QWg1eGd6JJlTdQRp0qVKF3AfTnWRYiBI0ZzDoJkq8BiNmIHjIg dNO0bN2C0wm4ORgIvVt6L60foTYCn2KqgBeDWmWA7ErZqauARW/SK182usDZTHrb gUVKogEVr1WsTQd4Af4YvK2CSlsZqsqU3KAzaAFI2K/jBtW/M7vyfWfnVF/2av4J CjOYi7nUif/oCOkQ4kPW6k6H1QhrzDgeE55s2p1LkDqlbHvGKiPM5OQtDwAyuAyR qAn3NM2ZQW6spEP4P6xegY6nYxoPByhAaNUim99hHvsdLeRrLgA= =zohz -----END PGP SIGNATURE-----
