XPost: linux.debian.devel.release
This is a multi-part MIME message sent by reportbug.
Package: release.debian.org
Severity: normal
X-Debbugs-Cc: [email protected]
Control: affects -1 + src:ruby-rack
User: [email protected]
Usertags: unblock
Please unblock package ruby-rack.
[ Reason ]
Fixes for RC bugs #1104927 and #1109027.
[ Impact ]
autopkgtests fail, CVE-2025-46727 is exploitable (DoS).
[ Tests ]
autopkgtests pass in unstable.
[ Risks ]
The minor version update also includes other changes including one other
CVE fix. I do not think they pose a significant risk as they also come
with additional unit tests.
[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing
[ Other info ]
I have fixed the bugs via a NMU.
unblock ruby-rack/3.1.16-0.1
diff -Nru ruby-rack-3.1.12/CHANGELOG.md ruby-rack-3.1.16/CHANGELOG.md
--- ruby-rack-3.1.12/CHANGELOG.md 2025-03-10 22:21:44.000000000 +0100
+++ ruby-rack-3.1.16/CHANGELOG.md 2025-06-05 00:27:50.000000000 +0200
@@ -2,6 +2,20 @@
All notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference [Keep A Changelog](
https://keepachangelog.com/en/1.0.0/).
+## [3.1.15] - 2025-05-18
+
+- Optional support for `CGI::Cookie` if not available. ([#2327](
https://github.com/rack/rack/pull/2327), [#2333](
https://github.com/rack/rack/pull/2333), [@earlopain])
+
+## [3.1.14] - 2025-05-06
+
+### Security
+
+- [CVE-2025-46727](
https://github.com/rack/rack/security/advisories/GHSA-gjh7-p2fx-99vx) Unbounded parameter parsing in `Rack::QueryParser` can lead to memory exhaustion.
+
+## [3.1.13] - 2025-04-13
+
+- Ensure `Rack::ETag` correctly updates response body. ([#2324](
https://github.com/rack/rack/pull/2324), [@ioquatix])
+
## [3.1.12] - 2025-03-11
### Security
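Review bot: The sections added at the top of CHANGELOG.md stop at `## [3.1.15] - 2025-05-18`, while the diff header and the unblock line are for 3.1.16, so nothing in this hunk says what 3.1.16 itself changed. The request also mentions "one other CVE fix" in the version bump, but the only CVE this hunk adds is CVE-2025-46727 under 3.1.14. Suggest naming the second CVE and the 3.1.16 change in d/changelog or in the request text, so the release team can match each fix to the RC bugs (#1104927, #1109027) without reading the whole debdiff.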
@@ -129,6 +143,24 @@
- In