Your message dated Tue, 15 Jul 2025 12:36:13 +0000
with message-id <e1ubetj-00co3j...@fasolo.debian.org>
and subject line Bug#1104928: fixed in ruby-rack-session 2.1.1-0.1
has caused the Debian Bug report #1104928,
regarding ruby-rack-session: CVE-2025-46336
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1104928: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104928
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: ruby-rack-session
Version: 2.1.0-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi,
The following vulnerability was published for ruby-rack-session.
CVE-2025-46336[0]:
| `Rack::Session::Pool` sessions can be restored after deletion
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-46336
https://www.cve.org/CVERecord?id=CVE-2025-46336
[1] https://github.com/rack/rack-session/security/advisories/GHSA-9j94-67jr-4cqj
[2] https://github.com/rack/rack-session/commit/c58ad7952cc7d0649f0ea9c78d55049739c49e5a
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: ruby-rack-session
Source-Version: 2.1.1-0.1
Done: Bastian Germann <b...@debian.org>
We believe that the bug you reported is fixed in the latest version of
ruby-rack-session, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1104...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bastian Germann <b...@debian.org> (supplier of updated ruby-rack-session package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
Format: 1.8
Date: Tue, 15 Jul 2025 13:10:44 +0200
Source: ruby-rack-session
Architecture: source
Version: 2.1.1-0.1
Distribution: unstable
Urgency: medium
Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintain...@lists.alioth.debian.org>
Changed-By: Bastian Germann <b...@debian.org>
Closes: 1104928
Changes:
ruby-rack-session (2.1.1-0.1) unstable; urgency=medium
.
* Non-maintainer upload.
* New upstream version 2.1.1. (Closes: #1104928, CVE-2025-46336)
--- End Message ---