Received: by mail.netbsd.org (Postfix, from userid 605) id 22C9484E61; Sat, 24 Feb 2024 15:06:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netbsd.org; s=20240131; t=1708787201; bh=KmoYiM3NdkLiM4BVQ5QpkfGXLk+1tq2awufLpyNFyaE=; h=Date:From:Subject:To:Reply-To:List-Id:List-Unsubscribe; b=AGahCoMtMqOubsLVOt4KndAKqKC7w9z/cnScP0ZBqRQdzA+6ouuNw/UWTvrMsGxGz 79ungsktGejbJyi0DMVCIp3N67XJ1zSAdIlA3sVD6xCq5tFum8CfuiSt3iKjTIptW9 2vkLp3N+gEC5d196m5v8/vsZSJbZHDSbz/dbVMRA= Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 152BA84D27 for ; Sat, 24 Feb 2024 15:06:40 +0000 (UTC) X-Virus-Scanned: amavisd-new at netbsd.org Authentication-Results: mail.netbsd.org (amavisd-new); dkim=pass (1024-bit key) header.d=netbsd.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.netbsd.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id QaOpgAoaBZg0 for ; Sat, 24 Feb 2024 15:06:39 +0000 (UTC) Received: from cvs.NetBSD.org (ivanova.NetBSD.org [IPv6:2001:470:a085:999:28c:faff:fe03:5984]) by mail.netbsd.org (Postfix) with ESMTP id 5E28D84C13 for ; Sat, 24 Feb 2024 15:06:39 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netbsd.org; s=20240131; t=1708787199; bh=KmoYiM3NdkLiM4BVQ5QpkfGXLk+1tq2awufLpyNFyaE=; h=Date:From:Subject:To:Reply-To; b=d8fGeM+jR4Py/LA5yoYNpPsY/1wRmBr1EuDaHOoqqQDiHAG6eu/Lc+/vhJgpOw/vF fYHID7T1+Lah4iVLxsgN6gKpTYWzlMGJsXb6PpLhJJUp//GMZsUymOog4lZXJCQ1KD Af07JjC1BanH8oGQTGoJHgIZvBClMWH27YnsPwFE= Received: by cvs.NetBSD.org (Postfix, from userid 500) id 507BCF9F4; Sat, 24 Feb 2024 15:06:39 +0000 (UTC) Content-Transfer-Encoding: 7bit Content-Type: multipart/mixed; boundary="_----------=_170878719960280" MIME-Version: 1.0 Date: Sat, 24 Feb 2024 15:06:39 +0000 From: "Takahiro Kambe" Subject: CVS commit: pkgsrc/doc To: pkgsrc-changes@NetBSD.org Reply-To: taca@netbsd.org X-Mailer: log_accum Message-Id: <20240224150639.507BCF9F4@cvs.NetBSD.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: Precedence: bulk List-Unsubscribe: This is a multi-part message in MIME format. --_----------=_170878719960280 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" Module Name: pkgsrc Committed By: taca Date: Sat Feb 24 15:06:39 UTC 2024 Modified Files: pkgsrc/doc: pkg-vulnerabilities Log Message: doc: add CVE-2024-26146 Add CVE-2024-26146 entries for www/ruby-rack2 and www/ruby-rack. To generate a diff of this commit: cvs rdiff -u -r1.141 -r1.142 pkgsrc/doc/pkg-vulnerabilities Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. --_----------=_170878719960280 Content-Disposition: inline Content-Length: 1318 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/doc/pkg-vulnerabilities diff -u pkgsrc/doc/pkg-vulnerabilities:1.141 pkgsrc/doc/pkg-vulnerabilities:1.142 --- pkgsrc/doc/pkg-vulnerabilities:1.141 Sat Feb 24 15:05:22 2024 +++ pkgsrc/doc/pkg-vulnerabilities Sat Feb 24 15:06:38 2024 @@ -1,4 +1,4 @@ -# $NetBSD: pkg-vulnerabilities,v 1.141 2024/02/24 15:05:22 taca Exp $ +# $NetBSD: pkg-vulnerabilities,v 1.142 2024/02/24 15:06:38 taca Exp $ # #FORMAT 1.0.0 # @@ -25909,3 +25909,5 @@ ruby{27,30,31,32,33}-actionpack70>=7.0<7 ruby{27,30,31,32,33}-actionpack71>=7.1<7.1.3.2 cross-site-scripting https://discuss.rubyonrails.org/t/possible-xss-vulnerability-in-action-controller/84947 ruby{27,30,31,32,33}-activestorage61>=6.1<6.1.7.7 information-leak https://discuss.rubyonrails.org/t/possible-sensitive-session-information-leak-in-active-storage/84945 ruby{27,30,31,32,33}-activestorage70>=7.0<7.0.8.1 information-leak https://discuss.rubyonrails.org/t/possible-sensitive-session-information-leak-in-active-storage/84945 +ruby{27,30,31}-rack2>=2.0<2.2.8.1 denial-of-service https://discuss.rubyonrails.org/t/possible-denial-of-service-vulnerability-in-rack-header-parsing/84942 +ruby{27,30,31}-rack>=3.0<3.0.9.1 denial-of-service https://discuss.rubyonrails.org/t/possible-denial-of-service-vulnerability-in-rack-header-parsing/84942 --_----------=_170878719960280--