-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 29 Jan 2025 07:26:33 +0530
Source: puma
Binary: puma puma-dbgsym
Architecture: armel
Version: 5.6.5-3+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: arm Build Daemon (arm-conova-02) <buildd_arm64-arm-conova-02@buildd.debian.org>
Changed-By: Abhijith PA <abhijith@debian.org>
Description:
 puma       - threaded HTTP 1.1 server for Ruby/Rack applications
Closes: 1050079 1060345 1082379
Changes:
 puma (5.6.5-3+deb12u1) bookworm; urgency=medium
 .
   * Team upload
   * d/patches/
    + CVE-2023-40175.patch: Fix CVE-2023-40175, incorrect behavior when
      parsing chunked transfer encoding bodies and zero-length
      Content-Length headers in a way that allowed HTTP request
      smuggling. (Closes: #1050079)
 .
    + CVE-2024-21647.patch: Fix CVE-2024-21647 by limiting the size of
      chunk extensions. (Closes: #1060345)
 .
    + CVE-2024-45614.patch: Fix CVE-2024-45614, clients could clobber
      values set by intermediate proxies (such as X-Forwarded-For) by
      providing a underscore version of the same header.
      (Closes: #1082379)
Checksums-Sha1:
 9bdb37b489ab3d98147a4df034437d860066f6db 35632 puma-dbgsym_5.6.5-3+deb12u1_armel.deb
 7551ab1611f1720dbe552fac5816b258dc291898 9696 puma_5.6.5-3+deb12u1_armel-buildd.buildinfo
 d21119797156326cc405470f74758f9454f0a386 154052 puma_5.6.5-3+deb12u1_armel.deb
Checksums-Sha256:
 17127d21f2754400c21f09d9b734f066da9b087e83d2475d372b756e0205322f 35632 puma-dbgsym_5.6.5-3+deb12u1_armel.deb
 1ca25bcd30c8826eca7a5d0c920eb73664d9e577eccac5696386ed7bd90532b6 9696 puma_5.6.5-3+deb12u1_armel-buildd.buildinfo
 1a1116487f50abaa525c5e437b9b6888a1148773e1291d7a3624fe68b5a779de 154052 puma_5.6.5-3+deb12u1_armel.deb
Files:
 134c3f1128c58d6cc459a2eb1dfe57b3 35632 debug optional puma-dbgsym_5.6.5-3+deb12u1_armel.deb
 deb69f6b36024c6551790027304b27cc 9696 web optional puma_5.6.5-3+deb12u1_armel-buildd.buildinfo
 f06f4d7207cf0f182aa630b2bcb86ef0 154052 web optional puma_5.6.5-3+deb12u1_armel.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEKAzExpjGvTI78ZO8LARVyvnD3xkFAmeenwIACgkQLARVyvnD
3xk//RAA36JxkJiJViZCmjiJVglDXoUldmGkfIx0FuiA746SmQ1KK1vBGccsKehW
0TYGiaVEyUaWH5tLrTq68C4NsyNYUfNiTArECZxDqF+WtSHm5tS/6r7jVOkYd8B9
vRXC28Kk7QVclcxUCpYVbtmZX7P4EJONQqXoYfckrI1SDGfEzuuJVBtiCOm7iTQl
P+ze2p+W8bowCNFeiC+VTXo11bZsEc7OZSvtdMI7uZngY3IlLsf5dP/2Wuoagnfm
2Angja0s5veOh0RjtzkXI909XlzuxrREqyL1BveJhZrnEWYJKl6iXAfWcKKiTM11
a9BjDM5iB0Vzx4s+grgI7Mj064wK12VHlPWkbfUEYcwTLYIsW6Vacc12XBOT2Rfu
ZOXvSzk+dRfounuGvmuR8BlS5dFUTi6NfRELdRTcHeq9IvNbeWKxse6P9Sv+O8Et
xhnZedkJFJMza+1i7QTXuC9DWja4JoXEsCSvsjBsxfbcTeslSx36imRkC1VvfdcR
wCRc7r1HyPjL0/XfDUYlUPczC/1NoMm8U69Pk9u9HT0zKcxWjyaSCrMa9rYqLtQB
wfCS+7NIv+o1tOKLIn+LUxQaMuJf6PhEDB/4e+sGnUls6tZkP9fHjRxIov+e5+if
ZdGOqkAAL/Mafr4cD8CT/oMbVt94R+rkztEbqGE/m2P2N4YPb5U=
=gZWp
-----END PGP SIGNATURE-----