-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2020-fe354f24e8 2020-09-25 16:31:57.895565 --------------------------------------------------------------------------------
Name : rubygem-puma Product : Fedora 33 Version : 4.3.6 Release : 1.fc33 URL : http://puma.io Summary : A simple, fast, threaded, and highly concurrent HTTP 1.1 server Description : Puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications. Puma is intended for use in both development and production environments. It's great for highly concurrent Ruby implementations such as Rubinius and JRuby as well as as providing process worker support to support CRuby well.
-------------------------------------------------------------------------------- Update Information:
Update to Puma 4.3.6. -------------------------------------------------------------------------------- ChangeLog:
* Mon Sep 7 2020 V��t Ondruch vondruch@redhat.com - 4.3.6-1 - Update to Puma 4.3.6. Resolves: rhbz#1837148 Resolves: rhbz#1863729 Resolves: rbhz#1842535 Resolves: rbhz#1842540 - Fix the man pages generation and move them into the main package. * Sat Aug 1 2020 Fedora Release Engineering releng@fedoraproject.org - 4.3.3-3 - Second attempt - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Wed Jul 29 2020 Fedora Release Engineering releng@fedoraproject.org - 4.3.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1842534 - CVE-2020-11077 rubygem-puma: HTTP Smuggling through a proxy via Transfer-Encoding Header https://bugzilla.redhat.com/show_bug.cgi?id=1842534 [ 2 ] Bug #1842539 - CVE-2020-11076 rubygem-puma: HTTP Smuggling via an invalid Transfer-Encoding Header https://bugzilla.redhat.com/show_bug.cgi?id=1842539 --------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-fe354f24e8' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------