ruby-rack-cors / CVE-2019-18978

Attached is my proposed patch for Jessie. This had to be adapted from the upstream patch, however I think I have understood the intentions clearly. The Rack::Utils.clean_path_info and Rack::Utils.unescape_path functions required by the upstream patch are not available in Jessie, so I copied these

LTS report for January 2020

Hours worked: 3 hours Work done: DLA 2091-1 libjackson-json-java CVE-2017-7525 CVE-2017-15095 CVE-2019-10172