-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 29 Jan 2025 07:26:33 +0530
Source: puma
Binary: puma puma-dbgsym
Architecture: arm64
Version: 5.6.5-3+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: arm Build Daemon (arm-conova-04) <buildd_arm64-arm-conova-04@buildd.debian.org>
Changed-By: Abhijith PA <abhijith@debian.org>
Description:
 puma       - threaded HTTP 1.1 server for Ruby/Rack applications
Closes: 1050079 1060345 1082379
Changes:
 puma (5.6.5-3+deb12u1) bookworm; urgency=medium
 .
   * Team upload
   * d/patches/
    + CVE-2023-40175.patch: Fix CVE-2023-40175, incorrect behavior when
      parsing chunked transfer encoding bodies and zero-length
      Content-Length headers in a way that allowed HTTP request
      smuggling. (Closes: #1050079)
 .
    + CVE-2024-21647.patch: Fix CVE-2024-21647 by limiting the size of
      chunk extensions. (Closes: #1060345)
 .
    + CVE-2024-45614.patch: Fix CVE-2024-45614, clients could clobber
      values set by intermediate proxies (such as X-Forwarded-For) by
      providing a underscore version of the same header.
      (Closes: #1082379)
Checksums-Sha1:
 113e0834b2a74a8d24340f17ca79d57c96d0189b 35356 puma-dbgsym_5.6.5-3+deb12u1_arm64.deb
 971d9677aefa0fc3f7c124183618c94bcf224b92 9822 puma_5.6.5-3+deb12u1_arm64-buildd.buildinfo
 70b2564ed3aa1e4011bd34467522b1a94401a127 155528 puma_5.6.5-3+deb12u1_arm64.deb
Checksums-Sha256:
 40a4e9495d502a24a7ccc2f217a6afea4bded9b8711eb75af8ec6e9fa249f572 35356 puma-dbgsym_5.6.5-3+deb12u1_arm64.deb
 19f71dbddb785ee3b6529d09726baf1410aa29163b5fb8fd41c6060c4f52f770 9822 puma_5.6.5-3+deb12u1_arm64-buildd.buildinfo
 8e79a495fd7b63c2c019145cf067746bb61de4807b2eac470113cdca9dd968bf 155528 puma_5.6.5-3+deb12u1_arm64.deb
Files:
 d390f5d1c8aea6ce797abb0c7e2acd4c 35356 debug optional puma-dbgsym_5.6.5-3+deb12u1_arm64.deb
 78ba3289d2dc9c636b11ac1e4d6a854d 9822 web optional puma_5.6.5-3+deb12u1_arm64-buildd.buildinfo
 fde60b05a545793d16cb7d69e91c70f4 155528 web optional puma_5.6.5-3+deb12u1_arm64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEvEwFZ4bqkVI+Rh6t+N4VxR6LZYEFAmeentwACgkQ+N4VxR6L
ZYGBWQ//WHuAPpQEd6543VjLT6X763UUAXIKQKMNHFd6LQD4AyibIX7Ki5zMxWl6
LGAB4rHDJxjae9lMt4fLwcyZkBHxN9CLYMbTMwstzyho7HFqPRvkW7u/Yo4hw70y
jv2pObsS+Qy+TZWFG81TdW+ZuLP8NVrBKSAIzUUj07x5p3we9uh7Y30fCNWDa/+g
YPRFT6CSf6fixH9k5pzm0tmFUI0gS9bVuQzs2XYOA3/YPFSFTG5Jut7Hg61H6z2w
Z+19mXQTECA2zZ7WayO99bLQwtmxYkHxpr3quuIZghuB8A2vLnrRx9SXGbMLPuqt
tWT/RG21LVK+7C5LyN+D1QJx01gfOf9os4YfY3ht0MAWlj+XZP4ys/4Xn2cGTKIn
zRut4T2ik5ZPLrAo1Z1iOSTIuBC3O7ks178sstOSPZGrzwJMDH/jWGzZVyFayQqN
1mL93EJ3SNnHhYiZVB4usg9ifupD/GPmJ7QKs628/qER0KJIslEkx3g8oEXrlZPt
gZglC50BHgg+BHiQjPBBOjNJQVM1g6HwvsV9VwjuYXKIjp09aNIMG0NvUKbDVDH4
sCw52jX0LKhNIxz/cUBB8FDbdOLd26T7VcPdajAupZdjRToaerQJYjGO8SK/Ez52
r13quXs7biyLC0oDdQfmyqIpMyLCyh77kvmtMFulClb9eYpUh3E=
=+naR
-----END PGP SIGNATURE-----