[DRE-maint] Bug#1104928: ruby-rack-session: CVE-2025-46336

Salvatore Bonaccorso Thu, 08 May 2025 12:32:41 -0700

Source: ruby-rack-session
Version: 2.1.0-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>


Hi,

The following vulnerability was published for ruby-rack-session.

CVE-2025-46336[0]:
| `Rack::Session::Pool` sessions can be restored after deletion


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-46336
    https://www.cve.org/CVERecord?id=CVE-2025-46336
[1] https://github.com/rack/rack-session/security/advisories/GHSA-9j94-67jr-4cqj
[2] 
https://github.com/rack/rack-session/commit/c58ad7952cc7d0649f0ea9c78d55049739c49e5a

Regards,
Salvatore

_______________________________________________
Pkg-ruby-extras-maintainers mailing list
Pkg-ruby-extras-maintainers@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-ruby-extras-maintainers

[DRE-maint] Bug#1104928: ruby-rack-session: CVE-2025-46336

Reply via email to