[SECURITY] Fedora 37 Update: rubygem-puma-5.6.5-1.fc37

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2022-7c8b29195f 2022-09-12 17:36:48.818476 -------------------------------------------------------------------------------- Name : rubygem-puma Product : Fedora 37 Version : 5.6.5 Release : 1.fc37 URL : https://puma.io Summary : A simple, fast, threaded, and highly concurrent HTTP 1.1 server Description : Puma is a simple, fast, threaded, and highly parallel HTTP 1.1 server for Ruby/Rack applications. Puma is intended for use in both development and production environments. It's great for highly parallel Ruby implementations such as Rubinius and JRuby as well as as providing process worker support to support CRuby well. -------------------------------------------------------------------------------- Update Information: Update to Puma 5.6.5. -------------------------------------------------------------------------------- ChangeLog: * Thu Aug 25 2022 V��t Ondruch <vondruch(a)redhat.com&gt; - 5.6.5-1 - Update to Puma 5.6.5. Resolves: rhbz#2046576 Resolves: rhbz#2113697 Resolves: rhbz#2071625 Resovles: rhbz#2054212 * Sat Jul 23 2022 Fedora Release Engineering <releng(a)fedoraproject.org&gt; - 5.5.2-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2054211 - CVE-2022-23634 rubygem-puma: rubygem-rails: information leak between requests https://bugzilla.redhat.com/show_bug.cgi?id=2054211 [ 2 ] Bug #2071616 - CVE-2022-24790 puma-5.6.4: http request smuggling vulnerabilities https://bugzilla.redhat.com/show_bug.cgi?id=2071616 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-7c8b29195f' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------