Debian 10159 Published by

A librack-ruby security update has been released for Debian 6 LTS



Package : librack-ruby
Version : 1.1.0-4+squeeze3
CVE ID : CVE-2015-3225

There is a potential denial of service vulnerability in Rack, a modular
Ruby webserver interface.

Carefully crafted requests can cause a `SystemStackError` and cause a
denial of service attack by exploiting the lack of a sensible depth
check when doing parameter normalization.

We recommend that you update your librack-ruby packages.