This bug was fixed in the package puma - 6.4.3-1ubuntu1

---------------
puma (6.4.3-1ubuntu1) plucky; urgency=medium

  * Merge with Debian unstable (LP: #2085270). Remaining changes:
    - d/p/0018-disable-test-failing-with-ruby3.2.patch: some tests are
      failing because they take too long, they do not seem real
      regressions.
  * Dropped changes:
    - Fix autopkgtests:
      + d/p/0019-Fix-path-of-certs-used-by-test_puma_server_ssl.patch
      + debian/tests/test_puma_server_ssl: switch to ruby3.3.
      [ Removed in 6.4.3-1 ]
    - Fix FTBFS due to certs expiration:
      + d/p/0010-Update-all-certs.patch
      + d/p/0011-Fix-path-of-certs-useb-by-test_example_cert_expirati.patch
      [ Fixed in 6.4.2-6 ]
    - SECURITY UPDATE: header clobbering using underscores
      + debian/patches/CVE-2024-45614.patch: prevent underscores from
        clobbering hyphen headers in lib/puma/const.rb,
        lib/puma/request.rb, ext/puma_http11/org/jruby/puma/Http11.java,
        test/test_normalize.rb, test/test_request_invalid.rb.
      + CVE-2024-45614
      [ Fixed in 6.4.3 ]

 -- Athos Ribeiro <athos.ribe...@canonical.com>  Fri, 20 Dec 2024 11:12:25 -0300

** Changed in: puma (Ubuntu)
       Status: In Progress => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-45614

-- 
https://bugs.launchpad.net/bugs/2085270

Title:
  Merge puma from Debian unstable for plucky