-----------------------------------------------------------------------
Debian LTS Advisory DLA-3166-1                         [email protected]
https://www.debian.org/lts/security/                      Utkarsh Gupta
October 28, 2022                            https://wiki.debian.org/LTS
-----------------------------------------------------------------------

Package        : ruby-sinatra
Version        : 2.0.5-4+deb10u1
CVE ID         : CVE-2022-29970
Debian Bug     : 1014717

A file traversal vulnerability was discovered in src:ruby-sinatra, a
popular web server often used with Ruby on Rails. We now validate that
any expanded paths match the allowed `public_dir` when serving static
files.

For Debian 10 buster, this problem has been fixed in version
2.0.5-4+deb10u1.

We recommend that you upgrade your ruby-sinatra packages.

For the detailed security status of ruby-sinatra please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ruby-sinatra

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
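
The kind of check the advisory describes, sketched as an added example (not code from Sinatra or from the Debian patch): expand the requested path first, then require that the result still lies under `public_dir`. The helper name `resolve_static`, the `demo` function and the temporary directory layout are assumptions constructed for illustration.

```ruby
require "tmpdir"
require "fileutils"

# Hypothetical helper, not Sinatra's implementation: map a request path to a
# file under public_dir, or return nil when the expanded path leaves it.
def resolve_static(public_dir, request_path)
  root = File.expand_path(public_dir)
  # Expanding first collapses "." and ".." segments, so the comparison below
  # is made on the path that would actually be opened.
  candidate = File.expand_path(File.join(root, request_path))
  # Compare against root plus a separator: a bare prefix test on root would
  # also accept a sibling directory such as "<base>/public_private".
  return nil unless candidate.start_with?(root + File::SEPARATOR)
  # expand_path is purely lexical; symlinks inside public_dir are not
  # resolved here and would need File.realpath if they are a concern.
  File.file?(candidate) ? candidate : nil
end

# Constructed sample tree: a public directory, a sibling directory whose name
# shares the "public" prefix, and a file one level above public_dir.
def demo
  Dir.mktmpdir do |base|
    pub = File.join(base, "public")
    FileUtils.mkdir_p(File.join(pub, "css"))
    FileUtils.mkdir_p(File.join(base, "public_private"))
    File.write(File.join(pub, "css", "app.css"), "body{}")
    File.write(File.join(base, "secret.txt"), "constructed")
    File.write(File.join(base, "public_private", "key.txt"), "constructed")

    requests = [
      "/css/app.css",               # ordinary static file
      "/css/../css/app.css",        # ".." that stays inside public_dir
      "/../secret.txt",             # expands to a file above public_dir
      "/../public_private/key.txt", # sibling directory with a shared prefix
      "/missing.txt"                # inside public_dir but does not exist
    ]
    # Map each request path to whether a file would be served for it.
    requests.to_h { |path| [path, !resolve_static(pub, path).nil?] }
  end
end

demo.each { |path, served| puts format("%-30s served=%s", path, served) } if $PROGRAM_NAME == __FILE__
```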
