Format: 1.8
Date: Wed, 29 Jan 2025 07:26:33 +0530
Source: puma
Binary: puma puma-dbgsym
Architecture: armel
Version: 5.6.5-3+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: arm Build Daemon (arm-conova-02)
Changed-By: Abhijith PA
Description:
 puma - threaded HTTP 1.1 server for Ruby/Rack applications
Closes: 1050079 1060345 1082379
Changes:
 puma (5.6.5-3+deb12u1) bookworm; urgency=medium
 .
   * Team upload
   * d/patches/
     + CVE-2023-40175.patch: Fix CVE-2023-40175, incorrect behavior when
       parsing chunked transfer encoding bodies and zero-length
       Content-Length headers in a way that allowed HTTP request smuggling.
       (Closes: #1050079)
 .
     + CVE-2024-21647.patch: Fix CVE-2024-21647 by limiting the size of
       chunk extensions. (Closes: #1060345)
 .
     + CVE-2024-45614.patch: Fix CVE-2024-45614, clients could clobber
       values set by intermediate proxies (such as X-Forwarded-For) by
       providing an underscore version of the same header.
       (Closes: #1082379)
Checksums-Sha1:
 9bdb37b489ab3d98147a4df034437d860066f6db 35632 puma-dbgsym_5.6.5-3+deb12u1_armel.deb
 7551ab1611f1720dbe552fac5816b258dc291898 9696 puma_5.6.5-3+deb12u1_armel-buildd.buildinfo
 d21119797156326cc405470f74758f9454f0a386 154052 puma_5.6.5-3+deb12u1_armel.deb
Checksums-Sha256:
 17127d21f2754400c21f09d9b734f066da9b087e83d2475d372b756e0205322f 35632 puma-dbgsym_5.6.5-3+deb12u1_armel.deb
 1ca25bcd30c8826eca7a5d0c920eb73664d9e577eccac5696386ed7bd90532b6 9696 puma_5.6.5-3+deb12u1_armel-buildd.buildinfo
 1a1116487f50abaa525c5e437b9b6888a1148773e1291d7a3624fe68b5a779de 154052 puma_5.6.5-3+deb12u1_armel.deb
Files:
 134c3f1128c58d6cc459a2eb1dfe57b3 35632 debug optional puma-dbgsym_5.6.5-3+deb12u1_armel.deb
 deb69f6b36024c6551790027304b27cc 9696 web optional puma_5.6.5-3+deb12u1_armel-buildd.buildinfo
 f06f4d7207cf0f182aa630b2bcb86ef0 154052 web optional puma_5.6.5-3+deb12u1_armel.deb