[DRE-commits] [ruby-rack] 01/01: Update debian/changelog

Youhei SASAKI uwabami-guest at moszumanska.debian.org
Thu Jul 30 09:37:46 UTC 2015


This is an automated email from the git hooks/post-receive script.

uwabami-guest pushed a commit to branch master-1.4.1-wheezy
in repository ruby-rack.

commit 2b12fca78d3fd111aeb84c1af5b9a935b217c131
Author: Youhei SASAKI <uwabami at gfd-dennou.org>
Date:   Thu Jul 30 18:11:00 2015 +0900

    Update debian/changelog
    
    Signed-off-by: Youhei SASAKI <uwabami at gfd-dennou.org>
---
 debian/changelog                                                  | 8 ++++++--
 .../{1-4-deep_params.patch => 0006-Fix-Params_Depth.patch}        | 0
 debian/patches/series                                             | 2 +-
 3 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index c941e00..cca7f8c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,7 +1,11 @@
-ruby-rack (1.4.1-3) unstable; urgency=medium
+ruby-rack (1.4.1-2.1+deb7u1) unstable; urgency=high
 
   * Create cherry-picked patch for Security Fix (Closes: #789311).
-    - CVE-2015-3225: 1-4-deep_params.patch
+    - CVE-2015-3225: 0006-Fix-Params_Depth.patch
+      Default depth at which the parameter parser will raise an exception
+      for being too deep, allows remote attackers to cause a denial of
+      service (SystemStackError) via a request with a large parameter
+      depth.
 
  -- Youhei SASAKI <uwabami at gfd-dennou.org>  Wed, 29 Jul 2015 16:37:25 +0900
 
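Review bot: the new header line `ruby-rack (1.4.1-2.1+deb7u1) unstable; urgency=high` still names `unstable` as the distribution, while the `+deb7u1` version suffix and the `master-1.4.1-wheezy` branch both indicate a wheezy security upload; the distribution field should be `wheezy-security` to match. The added CVE-2015-3225 description also fuses the fix and the flaw into one clause ("Default depth ... allows remote attackers to cause a denial of service"); suggest rewording so it is clear that the patch introduces a default depth limit at which the parameter parser raises an exception, and that the unlimited depth was what allowed the SystemStackError denial of service. The trailer line keeps the date Wed, 29 Jul 2015 although the entry is modified by this commit of 30 Jul; consider refreshing it before upload.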
diff --git a/debian/patches/1-4-deep_params.patch b/debian/patches/0006-Fix-Params_Depth.patch
similarity index 100%
rename from debian/patches/1-4-deep_params.patch
rename to debian/patches/0006-Fix-Params_Depth.patch
diff --git a/debian/patches/series b/debian/patches/series
index 8a096ab..f3a26ff 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -3,4 +3,4 @@
 0003-Reimplement-auth-scheme-fix.patch
 0004-Prevent-symlink-path-traversals.patch
 0005-Use-secure_compare-for-hmac-comparison.patch
-1-4-deep_params.patch
+0006-Fix-Params_Depth.patch
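Review bot: the commit subject "Update debian/changelog" does not mention that the `series` entry changes from `1-4-deep_params.patch` to `0006-Fix-Params_Depth.patch` together with the file rename, so someone searching the history for when the security patch was renamed will not find it from the log. Suggest either naming the rename in the commit message or splitting it into its own commit. The new name is consistent with the `0003` to `0005` numbering of the neighbouring entries, and the rename is recorded at similarity index 100%, so the patch content itself is unchanged by this commit.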

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-ruby-extras/ruby-rack.git


