1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 4918-1] ruby-rack-cors security update

    From Salvatore Bonaccorso@21:1/5 to All on Tue May 18 16:50:01 2021
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-4918-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso
    May 18, 2021 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : ruby-rack-cors
    CVE ID : CVE-2019-18978
    Debian Bug : 944849

    Improper pathname handling in ruby-rack-cors, a middleware that makes Rack-based apps CORS compatible, may result in access to private
    resources.

    For the stable distribution (buster), this problem has been fixed in
    version 1.0.2-1+deb10u1.

    We recommend that you upgrade your ruby-rack-cors packages.

    For the detailed security status of ruby-rack-cors please refer to its
    security tracker page at: https://security-tracker.debian.org/tracker/ruby-rack-cors

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org
    -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmCj0dBfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0Qa5RAAj83zCX2vWyCHGB666nYEbcFjPdU47TpZiUV3FRbwlR2dLPO0T4AW+SFv XFwGUiCh3BcZouLO5fv+mmkxgj9/0K22q8Y3Ak1pkdJyk5Jr8afyftrgDCMMk6HO aiGmqMj/CVrOnyILgkUlQzGhFJk7JRmstwM/q9kkpKOWaFzuMsSHtpolM8TJqUyt x5SmnJlk/uNmOpXzq5LHfF1jGH8IhbGQLcFmnu40AspNRJWBF6TEEYgHJCSJ2+8b nkDoC/3yRpFpWpv9jgcnEmZ3cHJcKAlqmNHSCHMTBUC8gVDSJL3Ncdg+7OHmg+pZ FxmM63RJOtV+3p7K8iXvwBL9WxdbIF6yRC8haLYW6VSr11CbNXNmSqfMfXLdJUkB xY15rYMBNEW4e0NJ9CMBZQaIIvjHNo0l2YBwG66FSd3HPH7rR+eCAsLuUcJNvB/F TwMCiqLPsVE5G6SvvbbkQitqcK24f9fjEKP5MJtz9Ozaa6r0s5LDteg2jPL2yKOf BcMKu5dD3u21UXm0594thouOdKOtZKn/sxal91kuhSDy/r7hZb1O6nShngDjgE0A mODzUgKm9HQFcySbOgYFh1oElKmWvhLtFrhhycne8bKARso0XfK95tXeyOB5J/yS O2k5i4UjMCOB8OSmZ64b1XSqsHKm/uRkU3ZU2HL38Hm1pH5TeZw=
    =wNnZ
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)