Information on source package ruby-rack

Available versions

Release	Version
bullseye	2.1.4-3+deb11u2
bookworm	2.2.6.4-1+deb12u1
trixie	2.2.7-1.1
sid	2.2.7-1.1

Resolved issues

Bug	Description
CVE-2024-39316	Rack is a modular Ruby web server interface. Starting in version 3.1.0 ...
CVE-2024-26146	Rack is a modular Ruby web server interface. Carefully crafted headers ...
CVE-2024-26141	Rack is a modular Ruby web server interface. Carefully crafted Range h ...
CVE-2024-25126	Rack is a modular Ruby web server interface. Carefully crafted content ...
CVE-2023-27539
CVE-2023-27530	A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and ...
CVE-2022-44572	A denial of service vulnerability in the multipart parsing component o ...
CVE-2022-44571	There is a denial of service vulnerability in the Content-Disposition ...
CVE-2022-44570	A denial of service vulnerability in the Range header parsing componen ...
CVE-2022-30123	A sequence injection vulnerability exists in Rack <2.0.9.1, <2.1.4.1 a ...
CVE-2022-30122	A possible denial of service vulnerability exists in Rack <2.0.9.1, <2 ...
CVE-2020-8184	A reliance on cookies without validation/integrity check security vuln ...
CVE-2020-8161	A directory traversal vulnerability exists in rack < 2.2.0 that allows ...
CVE-2019-16782	There's a possible information leak / session hijack vulnerability in ...
CVE-2018-16471	There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. ...
CVE-2018-16470	There is a possible DoS vulnerability in the multipart parser in Rack ...
CVE-2015-3225	lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used ...
CVE-2013-0263	Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, ...
CVE-2013-0262	rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before ...
CVE-2013-0184	Unspecified vulnerability in Rack::Auth::AbstractRequest in Rack 1.1.x ...
CVE-2013-0183	multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 ...
CVE-2012-6109	lib/rack/multipart.rb in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x ...
CVE-2011-5036	Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes ...

Security announcements

DSA / DLA	Description
DSA-5698-1	ruby-rack - security update
DLA-3800-1	ruby-rack - security update
DSA-5530-1	ruby-rack - security update
DLA-3392-1	ruby-rack - security update
DLA-3298-1	ruby-rack - security update
DLA-3095-1	ruby-rack - security update
DLA-2275-1	ruby-rack - security update
DLA-2216-1	ruby-rack - security update
DLA-1585-1	ruby-rack - security update
DSA-3322-1	ruby-rack - security update