Debian 9988 Published by

A ruby-rack security update has been released for Debian GNU/Linux 9 Extended LTS to address a couple of ReDoS vulnerabilities.



ELA-785-1 ruby-rack security update

Package : ruby-rack
Version : 1.6.4-4+deb9u4 (stretch)

Related CVEs :
CVE-2022-44570
CVE-2022-44571

A couple of ReDoS vulnerabilities were found in multipart parser and Rack::Utils.byte_ranges in ruby-rack, a modular Ruby webserver interface.

  ELA-785-1 ruby-rack security update