Format: 1.8
Date: Wed, 29 Jan 2025 07:26:33 +0530
Source: puma
Binary: puma puma-dbgsym
Architecture: armhf
Version: 5.6.5-3+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: arm Build Daemon (arm-ubc-05)
Changed-By: Abhijith PA
Description:
 puma - threaded HTTP 1.1 server for Ruby/Rack applications
Closes: 1050079 1060345 1082379
Changes:
 puma (5.6.5-3+deb12u1) bookworm; urgency=medium
 .
   * Team upload
   * d/patches/
     + CVE-2023-40175.patch: Fix CVE-2023-40175, incorrect behavior when
       parsing chunked transfer encoding bodies and zero-length
       Content-Length headers in a way that allowed HTTP request smuggling.
       (Closes: #1050079)
 .
     + CVE-2024-21647.patch: Fix CVE-2024-21647 by limiting the size of
       chunk extensions. (Closes: #1060345)
 .
     + CVE-2024-45614.patch: Fix CVE-2024-45614, clients could clobber
       values set by intermediate proxies (such as X-Forwarded-For) by
       providing an underscore version of the same header.
       (Closes: #1082379)