Dear Debian Security Team,

I've created patches in order to fix CVE-2015-3225 for wheezy, jessie.

#789311 (CVE-2015-3225)

Please consider updating the stable version of ruby-rack with the attached debdiff to close those CVE issues.

# BTW, due to the unreported FTBFS issue about ruby-rack in jessie, we
# can't build the package without "DH_RUBY_IGNORE_TESTS=all"...

Best Wishes,
Youhei

On Sat, 20 Jun 2015 02:38:32 +0900, Salvatore Bonaccorso <car...@debian.org> wrote:
>
> Source: ruby-rack
> Version: 1.4.1-1
> Severity: important
> Tags: security patch upstream fixed-upstream
>
> Hi,
>
> the following vulnerability was published for ruby-rack.
>
> CVE-2015-3225[0]:
> Potential Denial of Service Vulnerability in Rack normalize_params()
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2015-3225
>
> Regards,
> Salvatore

---
Youhei SASAKI <uwab...@gfd-dennou.org>
              <uwab...@debian.or.jp>
GPG fingerprint:
  4096/RSA: 66A4 EA70 4FE2 4055 8D6A C2E6 9394 F354 891D 7E07
ruby-rack_wheezy.debdiff
Description: Binary data
ruby-rack_jessie.debdiff
Description: Binary data