
it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 4918-1] ruby-rack-cors security update

it-securitynotifies AT lists.piratenpartei.de

Subject: Security announcements

  • From: Salvatore Bonaccorso <carnil AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 4918-1] ruby-rack-cors security update
  • Date: Tue, 18 May 2021 14:42:40 +0000
  • Authentication-results: mail02.piratenpartei.de; dkim=none; spf=none (mail02.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 82.195.75.100) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"; dmarc=none
  • List-archive: https://lists.debian.org/msgid-search/E1lj0vg-0005Fb-Jf AT seger.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-return-path: <carnil AT seger.debian.org>
  • Priority: urgent
  • Resent-date: Tue, 18 May 2021 14:42:57 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <AZdh20WVpxF.A.xZ.xJ9ogB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4918-1 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
May 18, 2021 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : ruby-rack-cors
CVE ID : CVE-2019-18978
Debian Bug : 944849

Improper pathname handling in ruby-rack-cors, a middleware that makes
Rack-based apps CORS compatible, may result in access to private
resources.

For the stable distribution (buster), this problem has been fixed in
version 1.0.2-1+deb10u1.

We recommend that you upgrade your ruby-rack-cors packages.

For the detailed security status of ruby-rack-cors please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/ruby-rack-cors

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org


