Publishing details

Published on 2021-04-06
Copied from ubuntu focal in PPA for Ubuntu Security Proposed by Eduardo Barretto

Changelog

ruby-rack (2.0.7-2ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: Directory traversal vulnerability.
    - debian/patches/CVE-2020-8161.patch: Use Dir.entries instead of
      Dir[glob] to prevent user-specified glob metacharacters.
    - CVE-2020-8161
  * SECURITY UPDATE: Cookie forgery.
    - debian/patches/CVE-2020-8184.patch: When parsing cookies, only
      decode the values.
    - CVE-2020-8184

 -- Eduardo Barretto <email address hidden>  Thu, 01 Apr 2021 16:04:45 +0200

Available diffs

diff from 2.0.7-2 (in Debian) to 2.0.7-2ubuntu0.1 (1.9 KiB)

Builds

amd64

Built packages

ruby-rack modular Ruby webserver interface

Package files

ruby-rack_2.0.7-2ubuntu0.1.debian.tar.xz (7.4 KiB)
ruby-rack_2.0.7-2ubuntu0.1.dsc (2.3 KiB)
ruby-rack_2.0.7-2ubuntu0.1_all.deb (77.9 KiB)
ruby-rack_2.0.7.orig.tar.gz (249.5 KiB)