CVE-2023-27530: A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within the Multipart MIME parsing code which could allow an attacker to craft requests that can be abused to cause multipart parsing to take longer than expected. Please clean up.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d361bc459d3d18363af0e8adf8c2f65e7d0024f6

commit d361bc459d3d18363af0e8adf8c2f65e7d0024f6
Author: Hans de Graaff <graaff@gentoo.org>
AuthorDate: 2023-05-01 05:59:28 +0000
Commit: Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-05-01 06:13:26 +0000

dev-ruby/rack: drop 2.2.6.2, 3.0.4.1

Bug: https://bugs.gentoo.org/905333
Signed-off-by: Hans de Graaff <graaff@gentoo.org>

dev-ruby/rack/Manifest | 2 --
dev-ruby/rack/rack-2.2.6.2.ebuild | 54 ---------------------------------------
dev-ruby/rack/rack-3.0.4.1.ebuild | 45 --------------------------------
3 files changed, 101 deletions(-)
Thanks! Only a "soft" DoS, no GLSA. All done.