There is a possible denial of service vulnerability in the content type parsing component of Rack. This vulnerability has been assigned the CVE identifier CVE-2024-25126.

Versions Affected: >= 0.4
Not affected: < 0.4
Fixed Versions: 3.0.9.1, 2.2.8.1

Impact

There is a possible DoS vulnerability relating to the Range request header in Rack. This vulnerability has been assigned the CVE identifier CVE-2024-26141.

Versions Affected: >= 1.3.0.
Not affected: < 1.3.0
Fixed Versions: 3.0.9.1, 2.2.8.1

There is a possible denial of service vulnerability in the header parsing routines in Rack. This vulnerability has been assigned the CVE identifier CVE-2024-26146.

Versions Affected: All.
Not affected: None
Fixed Versions: 2.0.9.4, 2.1.4.4, 2.2.8.1, 3.0.9.1
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2ec55ce4e7f0b44d5d2227b9e572f6c652e3c77a

commit 2ec55ce4e7f0b44d5d2227b9e572f6c652e3c77a
Author:     Hans de Graaff <graaff@gentoo.org>
AuthorDate: 2024-10-17 05:18:04 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-10-17 05:18:51 +0000

    dev-ruby/rack: drop 2.2.8, 3.0.8, 3.0.9

    Bug: https://bugs.gentoo.org/925208
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 dev-ruby/rack/Manifest          |  3 ---
 dev-ruby/rack/rack-2.2.8.ebuild | 57 -----------------------------------------
 dev-ruby/rack/rack-3.0.8.ebuild | 45 --------------------------------
 dev-ruby/rack/rack-3.0.9.ebuild | 45 --------------------------------
 4 files changed, 150 deletions(-)
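
A way to check a locked Rack version against the three advisories above. This is an added example, not part of the bug report or of Rack or Gentoo tooling. The function names and the sample Gemfile.lock are constructed for illustration, and the code assumes that any release newer than the highest listed fix already contains it.

```ruby
require "rubygems"

# Added example; advisory data below is copied from this bug report.
ADVISORIES = {
  "CVE-2024-25126" => { introduced: "0.4",   fixed: %w[2.2.8.1 3.0.9.1] },
  "CVE-2024-26141" => { introduced: "1.3.0", fixed: %w[2.2.8.1 3.0.9.1] },
  # "Versions Affected: All" is modelled as introduced in version 0.
  "CVE-2024-26146" => { introduced: "0", fixed: %w[2.0.9.4 2.1.4.4 2.2.8.1 3.0.9.1] },
}.freeze

# Constructed sample Gemfile.lock fragment (not taken from a real project).
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rack (3.0.9)
      rack-test (2.1.0)
        rack (>= 1.3)
LOCK

# Resolved gems sit at four spaces of indent; six-space lines are constraints.
def rack_version_from_lockfile(text)
  text[/^ {4}rack \(([^)]+)\)$/, 1]
end

# Release series of a version, e.g. 2.2.8.1 -> [2, 2].
def series(version)
  version.segments.first(2)
end

def affected_by?(cve, version_string)
  adv = ADVISORIES.fetch(cve)
  v = Gem::Version.new(version_string)
  return false if v < Gem::Version.new(adv[:introduced])

  fixes = adv[:fixed].map { |f| Gem::Version.new(f) }
  branch_fix = fixes.find { |f| series(f) == series(v) }
  return v < branch_fix if branch_fix

  # No fix listed for this series. Assumption: anything newer than the highest
  # listed fix already contains it; anything older is still affected.
  v < fixes.max
end

def open_cves(version_string)
  ADVISORIES.keys.select { |cve| affected_by?(cve, version_string) }
end

locked = rack_version_from_lockfile(SAMPLE_LOCKFILE)
puts "rack #{locked}: #{open_cves(locked).join(', ')}"
```

The three ebuilds dropped in the commit above (2.2.8, 3.0.8, 3.0.9) all report every CVE as open, while a series with a fix for only one advisory, such as 2.1.4.4, still reports the other two.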