Format: 1.8
Date: Thu, 23 Oct 2025 09:54:27 +0100
Source: ruby-rack
Binary: ruby-rack
Architecture: all
Version: 2.2.20-0+deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: all / amd64 / i386 Build Daemon (x86-conova-01)
Changed-By: Utkarsh Gupta
Description:
 ruby-rack  - modular Ruby webserver interface
Closes: 1104927 1116431 1117627 1117628 1117855 1117856
Changes:
 ruby-rack (2.2.20-0+deb12u1) bookworm-security; urgency=medium
 .
   * New upstream version 2.2.20.
     - CVE-2025-32441: Rack session can be restored after deletion.
     - CVE-2025-46727: Unbounded parameter parsing in Rack::QueryParser can
       lead to memory exhaustion.
     - CVE-2025-59830: Unbounded parameter parsing in Rack::QueryParser can
       lead to memory exhaustion via semicolon-separated parameters.
     - CVE-2025-61770: Unbounded multipart preamble buffering enables DoS
       (memory exhaustion).
     - CVE-2025-61771: Multipart parser buffers large non-file fields
       entirely in memory, enabling DoS (memory exhaustion).
     - CVE-2025-61772: Multipart parser buffers unbounded per-part headers,
       enabling DoS (memory exhaustion).
     - CVE-2025-61919: Unbounded read in Rack::Request form parsing can lead
       to memory exhaustion.
     - CVE-2025-61780: Improper handling of headers in Rack::Sendfile may
       allow proxy bypass.
     - Closes: #1104927, #1116431, #1117855, #1117856, #1117627, #1117628
Checksums-Sha1:
 406b913b537c36c8b1b3ee8a50d36fe940555d29 9732 ruby-rack_2.2.20-0+deb12u1_all-buildd.buildinfo
 9a848b6e079bf31159c3940cd07d583ee91b6571 136012 ruby-rack_2.2.20-0+deb12u1_all.deb
Checksums-Sha256:
 8a4f3609d86608463b05bbd96ba21c92156595d4cf4c03cec0795488d7b57f21 9732 ruby-rack_2.2.20-0+deb12u1_all-buildd.buildinfo
 6d9078be58ce43af65330adfa8a887870c50e76160be5c03071176b287aa7be0 136012 ruby-rack_2.2.20-0+deb12u1_all.deb
Files:
 e567859a56f8581511c3feca86023417 9732 ruby optional ruby-rack_2.2.20-0+deb12u1_all-buildd.buildinfo
 f12ba28d61623c7dec0e8838f7444127 136012 ruby optional ruby-rack_2.2.20-0+deb12u1_all.deb