From secunia security advisory at $URL:
The vulnerability is caused due to an error within a hash generation function when hashing form posts and updating a hash table. This can be exploited to cause a hash collision resulting in high CPU consumption via a specially crafted form sent in an HTTP POST request.
The vulnerability is reported in version 1.2.0 and prior.
Fixed in the GIT repository.
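The mechanism the advisory describes, as an added example (this is not Rack's code and not the upstream fix; Rack's actual change is in its git history): a toy hash table whose hash step is linear and unkeyed, so an attacker can precompute a set of form keys that all land in one bucket, and each insert then scans the whole chain. The same request parsed into a table using a keyed hash, or rejected by a parser-side limit on the number of keys, does not pay that cost. The djb2-style hash, the `CountingTable`, `parse_form` and its `max_keys:` limit are all constructed here for illustration.

```ruby
require 'digest'
require 'securerandom'

# Toy hash with the weakness the advisory relies on: a fixed, easily
# inverted mixing step (h*33 + byte, as in djb2) with no secret, so colliding
# keys can be precomputed offline. Not Ruby's or Rack's real hash function.
def weak_hash(str)
  str.each_byte.inject(5381) { |h, b| (h * 33 + b) & 0xffffffff }
end

# Keyed hash: a per-process secret enters the mixing, so the attacker cannot
# precompute collisions. SHA-256 is heavier than needed but stdlib and correct.
def keyed_hash(secret, str)
  Digest::SHA256.digest(secret + str).unpack1('N')
end

# Because h*33+b is linear in the bytes, the blocks "Az" (65*33+122) and
# "BY" (66*33+89) contribute the same value whatever the prefix, so
# concatenating n such blocks yields 2**n distinct keys with one weak_hash.
def colliding_keys(blocks)
  %w[Az BY].repeated_permutation(blocks).map(&:join)
end

# Minimal chained hash table that counts key comparisons on insert; that
# comparison count is the CPU work an attacker inflates into a denial of service.
class CountingTable
  attr_reader :comparisons

  def initialize(nbuckets, &hashfn)
    @buckets = Array.new(nbuckets) { [] }
    @hashfn = hashfn
    @comparisons = 0
  end

  def []=(key, value)
    chain = @buckets[@hashfn.call(key) % @buckets.size]
    chain.each do |pair|
      @comparisons += 1
      if pair[0] == key
        pair[1] = value
        return value
      end
    end
    chain << [key, value]
    value
  end
end

# Parse an application/x-www-form-urlencoded body ("k=v&k=v") into the table.
# max_keys is the constructed parser-side mitigation: refuse the request
# before any insert work is done once it carries more keys than a sane form.
def parse_form(body, table, max_keys: nil)
  pairs = body.split('&')
  raise ArgumentError, "too many form keys (#{pairs.size})" if max_keys && pairs.size > max_keys
  pairs.each do |p|
    k, v = p.split('=', 2)
    table[k] = v.to_s
  end
  table
end

# Build one crafted POST body of 2**blocks colliding keys and parse it twice:
# once into a table hashed with weak_hash, once with keyed_hash under a
# random secret. Returns the comparison counts so the cost can be compared.
def collision_cost(blocks = 6, secret: SecureRandom.bytes(16))
  keys = colliding_keys(blocks)
  body = keys.map { |k| "#{k}=1" }.join('&')
  weak  = parse_form(body, CountingTable.new(1024) { |k| weak_hash(k) })
  keyed = parse_form(body, CountingTable.new(1024) { |k| keyed_hash(secret, k) })
  { keys: keys.size, weak: weak.comparisons, keyed: keyed.comparisons }
end

# Same crafted body, but the parser enforces a key budget and rejects it outright.
def rejected_by_limit?(blocks = 6, max_keys: 32)
  body = colliding_keys(blocks).map { |k| "#{k}=1" }.join('&')
  parse_form(body, CountingTable.new(1024) { |k| weak_hash(k) }, max_keys: max_keys)
  false
rescue ArgumentError
  true
end
```

With 64 colliding keys the unkeyed table performs 64*63/2 = 2016 key comparisons for one small request, and the count grows quadratically with the number of keys; the keyed table spreads the same keys across buckets and performs only a handful. Note that merely seeding the initial value of the linear hash would not help, since the "Az"/"BY" block equality holds for any prefix; the secret has to take part in the mixing of every byte, which is why real fixes of this class moved to keyed hashes such as SipHash or, as on the parser side here, capped what a request may ask the hash table to do.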
Already masked the slot that did not receive fixes. I have bumps ready for all other slots, but they are pending test failures already reported upstream.
I have just added version bumps for all remaining slots. Only one version needs to be stabled (not the latest in that slot to avoid file collisions with later slots).
Arches, please test and mark stable:
Target keywords : "amd64 ia64 ppc ppc64 sparc x86"
Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes hash
values for form parameters without restricting the ability to trigger hash
collisions predictably, which allows remote attackers to cause a denial of
service (CPU consumption) by sending many crafted parameters.
@security, please vote.
Thanks, folks. GLSA Vote: yes.
Vote: yes. GLSA request filed.
This issue was resolved and addressed in
GLSA 201203-05 at http://security.gentoo.org/glsa/glsa-201203-05.xml
by GLSA coordinator Sean Amoss (ackle).