Format: 1.8
Date: Wed, 29 Jan 2025 07:26:33 +0530
Source: puma
Binary: puma puma-dbgsym
Architecture: i386
Version: 5.6.5-3+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: amd64 / i386 Build Daemon (x86-csail-01)
Changed-By: Abhijith PA
Description:
 puma - threaded HTTP 1.1 server for Ruby/Rack applications
Closes: 1050079 1060345 1082379
Changes:
 puma (5.6.5-3+deb12u1) bookworm; urgency=medium
 .
   * Team upload
   * d/patches/
     + CVE-2023-40175.patch: Fix CVE-2023-40175, incorrect behavior when
       parsing chunked transfer encoding bodies and zero-length
       Content-Length headers in a way that allowed HTTP request smuggling.
       (Closes: #1050079)
 .
     + CVE-2024-21647.patch: Fix CVE-2024-21647 by limiting the size of
       chunk extensions. (Closes: #1060345)
 .
     + CVE-2024-45614.patch: Fix CVE-2024-45614, clients could clobber
       values set by intermediate proxies (such as X-Forwarded-For) by
       providing an underscore version of the same header.
       (Closes: #1082379)
Checksums-Sha1:
 1eec91e5ebaff23aaefd478dfacbb657dde3f645 33468 puma-dbgsym_5.6.5-3+deb12u1_i386.deb
 4a2bc534050129021414d77cbee3621923cd2e5d 9763 puma_5.6.5-3+deb12u1_i386-buildd.buildinfo
 0cf2054cd2172f870da9e1d255f5378e0527b8d5 156956 puma_5.6.5-3+deb12u1_i386.deb
Checksums-Sha256:
 d9598af12ec4b6d8b75a47a69d8ca171e642a6852ccbcd34d3833db9b85963f3 33468 puma-dbgsym_5.6.5-3+deb12u1_i386.deb
 5f43e17ac17ab64a169ba54151976d5b8d69073a6856c41aa5b1981b751108da 9763 puma_5.6.5-3+deb12u1_i386-buildd.buildinfo
 28c36b5c33c506fa8fbab61490cdc6a83cf5a865b90d617fc57fcf07ab169574 156956 puma_5.6.5-3+deb12u1_i386.deb
Files:
 a792c3f88338f178145449e4e35c52d1 33468 debug optional puma-dbgsym_5.6.5-3+deb12u1_i386.deb
 7748945a828e747be542b5be99ec41b6 9763 web optional puma_5.6.5-3+deb12u1_i386-buildd.buildinfo
 ddd5b555cba716269409c879165ab32a 156956 web optional puma_5.6.5-3+deb12u1_i386.deb