Format: 1.8
Date: Wed, 29 Jan 2025 07:26:33 +0530
Source: puma
Architecture: source
Version: 5.6.5-3+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Debian Ruby Team
Changed-By: Abhijith PA
Closes: 1050079 1060345 1082379
Changes:
 puma (5.6.5-3+deb12u1) bookworm; urgency=medium
 .
   * Team upload
   * d/patches/
     + CVE-2023-40175.patch: Fix CVE-2023-40175, incorrect behavior when
       parsing chunked transfer encoding bodies and zero-length
       Content-Length headers in a way that allowed HTTP request
       smuggling. (Closes: #1050079)
 .
     + CVE-2024-21647.patch: Fix CVE-2024-21647 by limiting the size of
       chunk extensions. (Closes: #1060345)
 .
     + CVE-2024-45614.patch: Fix CVE-2024-45614, clients could clobber
       values set by intermediate proxies (such as X-Forwarded-For) by
       providing an underscore version of the same header.
       (Closes: #1082379)