-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-4918-1
security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso
May 18, 2021
https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : ruby-rack-cors
CVE ID : CVE-2019-18978
Debian Bug : 944849
Improper pathname handling in ruby-rack-cors, a middleware that makes Rack-based apps CORS compatible, may result in access to private
resources.
For the stable distribution (buster), this problem has been fixed in
version 1.0.2-1+deb10u1.
We recommend that you upgrade your ruby-rack-cors packages.
For the detailed security status of ruby-rack-cors please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/ruby-rack-cors
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at:
https://www.debian.org/security/
Mailing list:
debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmCj0dBfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0Qa5RAAj83zCX2vWyCHGB666nYEbcFjPdU47TpZiUV3FRbwlR2dLPO0T4AW+SFv XFwGUiCh3BcZouLO5fv+mmkxgj9/0K22q8Y3Ak1pkdJyk5Jr8afyftrgDCMMk6HO aiGmqMj/CVrOnyILgkUlQzGhFJk7JRmstwM/q9kkpKOWaFzuMsSHtpolM8TJqUyt x5SmnJlk/uNmOpXzq5LHfF1jGH8IhbGQLcFmnu40AspNRJWBF6TEEYgHJCSJ2+8b nkDoC/3yRpFpWpv9jgcnEmZ3cHJcKAlqmNHSCHMTBUC8gVDSJL3Ncdg+7OHmg+pZ FxmM63RJOtV+3p7K8iXvwBL9WxdbIF6yRC8haLYW6VSr11CbNXNmSqfMfXLdJUkB xY15rYMBNEW4e0NJ9CMBZQaIIvjHNo0l2YBwG66FSd3HPH7rR+eCAsLuUcJNvB/F TwMCiqLPsVE5G6SvvbbkQitqcK24f9fjEKP5MJtz9Ozaa6r0s5LDteg2jPL2yKOf BcMKu5dD3u21UXm0594thouOdKOtZKn/sxal91kuhSDy/r7hZb1O6nShngDjgE0A mODzUgKm9HQFcySbOgYFh1oElKmWvhLtFrhhycne8bKARso0XfK95tXeyOB5J/yS O2k5i4UjMCOB8OSmZ64b1XSqsHKm/uRkU3ZU2HL38Hm1pH5TeZw=
=wNnZ
-----END PGP SIGNATURE-----
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)