-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 29 Jan 2025 07:26:33 +0530
Source: puma
Binary: puma puma-dbgsym
Architecture: amd64
Version: 5.6.5-3+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: all / amd64 / i386 Build Daemon (x86-conova-01) <buildd_amd64-x86-conova-01@buildd.debian.org>
Changed-By: Abhijith PA <abhijith@debian.org>
Description:
 puma       - threaded HTTP 1.1 server for Ruby/Rack applications
Closes: 1050079 1060345 1082379
Changes:
 puma (5.6.5-3+deb12u1) bookworm; urgency=medium
 .
   * Team upload
   * d/patches/
    + CVE-2023-40175.patch: Fix CVE-2023-40175, incorrect behavior when
      parsing chunked transfer encoding bodies and zero-length
      Content-Length headers in a way that allowed HTTP request
      smuggling. (Closes: #1050079)
 .
    + CVE-2024-21647.patch: Fix CVE-2024-21647 by limiting the size of
      chunk extensions. (Closes: #1060345)
 .
    + CVE-2024-45614.patch: Fix CVE-2024-45614, clients could clobber
      values set by intermediate proxies (such as X-Forwarded-For) by
      providing a underscore version of the same header.
      (Closes: #1082379)
Checksums-Sha1:
 ccd97f9733258b96b4f504a81acd5f28c175931d 37944 puma-dbgsym_5.6.5-3+deb12u1_amd64.deb
 8ddbcb82cb6802067ae925e4752c6e30ef22fcaa 9823 puma_5.6.5-3+deb12u1_amd64-buildd.buildinfo
 bf51c26db7604c7f4f9f9e2de671c7e7d71c7cd8 156188 puma_5.6.5-3+deb12u1_amd64.deb
Checksums-Sha256:
 1ec68531115306e8a209164185473d252fa9d5f8559d58fb6264afd7c57e3ebe 37944 puma-dbgsym_5.6.5-3+deb12u1_amd64.deb
 c5952903421133c9c851d5184f9e67c22002ae6ff7db2764d7bab4a52ef45220 9823 puma_5.6.5-3+deb12u1_amd64-buildd.buildinfo
 c186598fe4dda3e609773f89e49cb9ffb2d12b8202ffb067c76a5f36839980b0 156188 puma_5.6.5-3+deb12u1_amd64.deb
Files:
 42aa597b985a28884c878dbb849c7b57 37944 debug optional puma-dbgsym_5.6.5-3+deb12u1_amd64.deb
 15ff11936a4aecdc15c6cc63eb7b916c 9823 web optional puma_5.6.5-3+deb12u1_amd64-buildd.buildinfo
 6c43e7b8c2f39a9f711c2390061aa00b 156188 web optional puma_5.6.5-3+deb12u1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEgdRoRGwEM09wlaMzOni7ZmUpKEcFAmeeofIACgkQOni7ZmUp
KEd8SA//U/swCpxTPTXRSA8kuDnrqEw8sWqu4aIabG+fo3w3jqlkbr2O+e4WSI12
Bh/cD0q9feGVBl4Gm1/xW8cJJyV+AFG6yRLiFo2DNLcSLP+sE8bxyGOngQr2eqEA
CcaW+qx1nNntzWqgQ4PrVczVlbQt1lqVV8YudjFstZthvFmGImWCm/Ut9bLc6Dz1
XTyJhKmN7X4T3YDSolN+H8dvo8PtUmtldGka/8sxSvC5YMiv5zEGeQxiG1RKK9+7
Hurqu1NNqRzDnTuryiGI+729mskI5s/8h9j/scpO5BYbjPg0ZN0R/HpuTZCiS8RJ
1MkC9TTnqIg5hUvq/KaQUdgK2sY9MFXK4sfD1J8ZW1+fsKHNE8J2197OH3wXWXA9
9TiNhka9Vx7EuHnh8fFUOufbDk1b/T8R75r4LE3s0KHA73tCoRCfRyjpqnyJc+rY
Vx+KRcqUglX8ACWOIlrDwNRnHmuYyxc4k2UB22B+OHNYVfxk8G6ZwuqQt1B4waRB
woGgyyXr8H4Zhluvqx5sSZ/fkVRfY/l3BHMHamYPILmdvbVYvgxRW/ilvMdeBb5p
h19Q7G7tkEULcMYcxJppd1kfa874JRr08lYFzuSPNEQqmmSKruOthDDV7EZJCPRB
f5tcu4bzeb5w16/SWsGs+ZdlfdxgA5CzQ+kSS++tOtIqpRXuY7Q=
=yhs8
-----END PGP SIGNATURE-----