Format: 1.8
Date: Wed, 22 Oct 2025 08:52:58 +0100
Source: ruby-rack
Binary: ruby-rack
Architecture: all
Version: 3.1.18-1~deb13u1
Distribution: trixie-security
Urgency: medium
Maintainer: all / amd64 / i386 Build Daemon (x86-conova-02)
Changed-By: Utkarsh Gupta
Description:
 ruby-rack - modular Ruby webserver interface
Closes: 1117627 1117628 1117855 1117856
Changes:
 ruby-rack (3.1.18-1~deb13u1) trixie-security; urgency=medium
 .
   * New upstream version 3.1.18.
     - CVE-2025-61772: Multipart parser buffers unbounded per-part
       headers, enabling DoS (memory exhaustion).
     - CVE-2025-61771: Multipart parser buffers large non‑file fields
       entirely in memory, enabling DoS (memory exhaustion).
     - CVE-2025-61770: Unbounded multipart preamble buffering enables
       DoS (memory exhaustion).
     - CVE-2025-61780 Improper handling of headers in Rack::Sendfile
       may allow proxy bypass.
     - CVE-2025-61919 Unbounded read in Rack::Request form parsing can
       lead to memory exhaustion.
     - Closes: #1117855, #1117856, #1117627, #1117628