-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 29 Jan 2025 07:26:33 +0530
Source: puma
Binary: puma puma-dbgsym
Architecture: i386
Version: 5.6.5-3+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: amd64 / i386 Build Daemon (x86-csail-01) <buildd_amd64-x86-csail-01@buildd.debian.org>
Changed-By: Abhijith PA <abhijith@debian.org>
Description:
 puma       - threaded HTTP 1.1 server for Ruby/Rack applications
Closes: 1050079 1060345 1082379
Changes:
 puma (5.6.5-3+deb12u1) bookworm; urgency=medium
 .
   * Team upload
   * d/patches/
    + CVE-2023-40175.patch: Fix CVE-2023-40175, incorrect behavior when
      parsing chunked transfer encoding bodies and zero-length
      Content-Length headers in a way that allowed HTTP request
      smuggling. (Closes: #1050079)
 .
    + CVE-2024-21647.patch: Fix CVE-2024-21647 by limiting the size of
      chunk extensions. (Closes: #1060345)
 .
    + CVE-2024-45614.patch: Fix CVE-2024-45614, clients could clobber
      values set by intermediate proxies (such as X-Forwarded-For) by
      providing a underscore version of the same header.
      (Closes: #1082379)
Checksums-Sha1:
 1eec91e5ebaff23aaefd478dfacbb657dde3f645 33468 puma-dbgsym_5.6.5-3+deb12u1_i386.deb
 4a2bc534050129021414d77cbee3621923cd2e5d 9763 puma_5.6.5-3+deb12u1_i386-buildd.buildinfo
 0cf2054cd2172f870da9e1d255f5378e0527b8d5 156956 puma_5.6.5-3+deb12u1_i386.deb
Checksums-Sha256:
 d9598af12ec4b6d8b75a47a69d8ca171e642a6852ccbcd34d3833db9b85963f3 33468 puma-dbgsym_5.6.5-3+deb12u1_i386.deb
 5f43e17ac17ab64a169ba54151976d5b8d69073a6856c41aa5b1981b751108da 9763 puma_5.6.5-3+deb12u1_i386-buildd.buildinfo
 28c36b5c33c506fa8fbab61490cdc6a83cf5a865b90d617fc57fcf07ab169574 156956 puma_5.6.5-3+deb12u1_i386.deb
Files:
 a792c3f88338f178145449e4e35c52d1 33468 debug optional puma-dbgsym_5.6.5-3+deb12u1_i386.deb
 7748945a828e747be542b5be99ec41b6 9763 web optional puma_5.6.5-3+deb12u1_i386-buildd.buildinfo
 ddd5b555cba716269409c879165ab32a 156956 web optional puma_5.6.5-3+deb12u1_i386.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEvy6d65NNYPbL6IQIEQ1nooK/IAQFAmeepCMACgkQEQ1nooK/
IAR/Dg//YbU53B74Y61eGluvqe64JldyRFekA3HxFfW/puqeTb3j9HNA7riTTszq
AXMloUoSPNAlMzpsUI+i3FVJbClaCf5cW3sLR6ipUM5qKQRm3PHISgoqruzRmAjQ
KuCR5R6Y4h1Od9nZs7O2tsrLJNCJ55/NINGybTzzbwNlKpZDlIxGhB1QS4ct0INl
LtFv3/tqHCwag5FpN7713U5n+2s5BJWOxb5TBVF1pU0+z0c3DquD4TyBVEXkfTbN
HPIUpfiz6rBxZVzupVtoC2xrZ6gEWvAqzxaGG9cMQs7Wn63DbnjEEqDwrJIRP/ky
1ebSFhin0NJLu/zCeIWuEZ7ot5DZtYmutG9dhUDYN2aeTpQLwBPsqxKxVTCwxIMi
v9LN6QK6P4rc87sHbeHAZnPAt6utHbCOv/zX16zAnUytNO+QV37iQr7Ey3uc+ABv
nGhWPHu/MCnrZMb/BsVCfd+aYpFmFj5rR6WATDPFXUMhEjt2jWIBa3gUjTvv62yf
ZTI1gFpiZxYKGql5+5LUlYhf88VJWwhgFO5DF+Zc5D5vBxQs/Zixde5nyV1Qozxd
1+4BHEwnYFIQTxX5hSXlkxtQABHZynvOenBCPWwwg6XWZEhAUgRhs2FsEcDxjHYT
gjEO7hF6JHB3z/9fV75E+Mn7z0NEQI0Qw5ZYfwp/kuw7xpoaR6c=
=BC9T
-----END PGP SIGNATURE-----