Format: 1.8
Date: Wed, 22 Oct 2025 08:52:58 +0100
Source: ruby-rack
Built-For-Profiles: noudeb
Architecture: source
Version: 3.1.18-1~deb13u1
Distribution: trixie-security
Urgency: medium
Maintainer: Debian Ruby Team
Changed-By: Utkarsh Gupta
Closes: 1117627 1117628 1117855 1117856
Changes:
 ruby-rack (3.1.18-1~deb13u1) trixie-security; urgency=medium
 .
   * New upstream version 3.1.18.
     - CVE-2025-61772: Multipart parser buffers unbounded per-part
       headers, enabling DoS (memory exhaustion).
     - CVE-2025-61771: Multipart parser buffers large non‑file fields
       entirely in memory, enabling DoS (memory exhaustion).
     - CVE-2025-61770: Unbounded multipart preamble buffering enables
       DoS (memory exhaustion).
     - CVE-2025-61780 Improper handling of headers in Rack::Sendfile
       may allow proxy bypass.
     - CVE-2025-61919 Unbounded read in Rack::Request form parsing can
       lead to memory exhaustion.
     - Closes: #1117855, #1117856, #1117627, #1117628