UbuntuUpdates.org

Package "puma"

Name: puma

Description:

threaded HTTP 1.1 server for Ruby/Rack applications

Latest version: 5.6.5-3ubuntu1.2
Release: lunar (23.04)
Level: updates
Repository: main
Homepage: https://puma.io


Other versions of "puma" in Lunar

Repository Area Version
base main 5.6.5-3ubuntu1
security main 5.6.5-3ubuntu1.2

Changelog

Version: 5.6.5-3ubuntu1.2 2024-01-25 15:11:57 UTC

  puma (5.6.5-3ubuntu1.2) lunar-security; urgency=medium

  * SECURITY UPDATE: DoS via chunked transfer encoding body parsing
    - debian/patches/CVE-2024-21647.patch: limit the size of chunk
      extensions in lib/puma/client.rb, test/test_puma_server.rb.
    - CVE-2024-21647

 -- Marc Deslauriers <email address hidden> Tue, 23 Jan 2024 12:53:05 -0500

CVE-2024-21647 Puma is a web server for Ruby/Rack applications built for parallelism. Prior to version 6.4.2, puma exhibited incorrect behavior when parsing chunked

Version: 5.6.5-3ubuntu1.1 2023-09-27 13:10:06 UTC

  puma (5.6.5-3ubuntu1.1) lunar-security; urgency=medium

  * SECURITY UPDATE: HTTP request smuggling issues
    - debian/patches/CVE-2023-40175.patch: fix parsing in
      lib/puma/client.rb, test/test_puma_server.rb.
    - CVE-2023-40175

 -- Marc Deslauriers <email address hidden> Fri, 22 Sep 2023 13:03:47 -0400

CVE-2023-40175 Puma is a Ruby/Rack web server built for parallelism. Prior to versions 6.3.1 and 5.6.7, puma exhibited incorrect behavior when parsing chunked trans


