-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 29 Jan 2025 07:26:33 +0530
Source: puma
Binary: puma puma-dbgsym
Architecture: s390x
Version: 5.6.5-3+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: s390x Build Daemon (zandonai) <buildd_s390x-zandonai@buildd.debian.org>
Changed-By: Abhijith PA <abhijith@debian.org>
Description:
 puma       - threaded HTTP 1.1 server for Ruby/Rack applications
Closes: 1050079 1060345 1082379
Changes:
 puma (5.6.5-3+deb12u1) bookworm; urgency=medium
 .
   * Team upload
   * d/patches/
    + CVE-2023-40175.patch: Fix CVE-2023-40175, incorrect behavior when
      parsing chunked transfer encoding bodies and zero-length
      Content-Length headers in a way that allowed HTTP request
      smuggling. (Closes: #1050079)
 .
    + CVE-2024-21647.patch: Fix CVE-2024-21647 by limiting the size of
      chunk extensions. (Closes: #1060345)
 .
    + CVE-2024-45614.patch: Fix CVE-2024-45614, clients could clobber
      values set by intermediate proxies (such as X-Forwarded-For) by
      providing a underscore version of the same header.
      (Closes: #1082379)
Checksums-Sha1:
 6b723bfd2cbcff0255d3b54ae881a777723084d6 35396 puma-dbgsym_5.6.5-3+deb12u1_s390x.deb
 f856d17047e2835ed48a81145a4ddc40f935b737 9718 puma_5.6.5-3+deb12u1_s390x-buildd.buildinfo
 81c44f587d29dfc8178db14aeaf2112069ee928b 155492 puma_5.6.5-3+deb12u1_s390x.deb
Checksums-Sha256:
 ad58d206d630ba6c58b7ad09f739e61d9d4145e71f61d6acb863391f10afe97b 35396 puma-dbgsym_5.6.5-3+deb12u1_s390x.deb
 361b0aa13bb4fc8a725535b1a6f183c9eb7e2800aaf00420f983ea950433bcc0 9718 puma_5.6.5-3+deb12u1_s390x-buildd.buildinfo
 3eee1f4009ae3bd64fa87945fa7091a308cdb6692981175975578298447e75ad 155492 puma_5.6.5-3+deb12u1_s390x.deb
Files:
 0844d742d2219ac8aa80f268e2a1213a 35396 debug optional puma-dbgsym_5.6.5-3+deb12u1_s390x.deb
 74a854f85931fb2c1634035b4136d244 9718 web optional puma_5.6.5-3+deb12u1_s390x-buildd.buildinfo
 d92e30d50c5aab1295f69b3b5ebf2cf1 155492 web optional puma_5.6.5-3+deb12u1_s390x.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEu0D/YpnnSxv8epH9AKOyQzsWVasFAmeenuYACgkQAKOyQzsW
VasvqQ//TYgkbsa+0+NcsisOAuoZLA+mr+ean+xaJ681TxyTgAb1D3sXxRhcE2rW
DmulCtv+yahp6r2ZeFnQjXsUPNXHkdVE0yOvksAliMEQ6CaoXFJ4v9SWBr1OpPna
QqmrzAd8ImBHIdb96OjRm3+slPQLfd/dEgQr0h/OurcTUQzOTigjSlIyicmOAJhx
cSO2eFLQKjWHgO8cT7zwjVy8JPJy76uXde1ecOC+3HaHu8EFs/FWO82jzwUX2mDt
+aB9C/V5pfGh4xPgi0iLNzYsuCEQBXtD+3kCJg4UXGqPkuDoICidobBqhCOOtH2k
2OfRRBIc0OazcWJxqRmySf/5h98/fC6aRdMBqwq7hWQPnKxlr/Lxdb+0WrpEN4Va
VkDJG+KBE1veE1dycOhz0konWwj313SdQGI7NMBsGkDiVVelsxg/J/b7vD0VZUAn
0CbPcljGGgH52JLDtXGncmTYsBE3xB7sytX6DKuyQWIkQVORUfT8+pMrTxDLlacW
8b8ietVXzyV6VcEbFOg8JAkiwGVHsl/8lh+rGLiVIihkTSFpq9DeugUO5FlpeSlS
/0U4EuqM3znZL7tbV7gyn8NmF01NArQ1rHkIv3YIML1KTfEkhJm3U/kXaMBAMB9h
dYH/9Goe0b8caAExh7SNh40O2IeFOwWhbEVUZxHxB77aaGNU6eM=
=m/3y
-----END PGP SIGNATURE-----