--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-7c8b29195f
2022-09-12 17:36:48.818476
--------------------------------------------------------------------------------
Name : rubygem-puma
Product : Fedora 37
Version : 5.6.5
Release : 1.fc37
URL :
https://puma.io
Summary : A simple, fast, threaded, and highly concurrent HTTP 1.1 server
Description :
Puma is a simple, fast, threaded, and highly parallel HTTP 1.1 server for
Ruby/Rack applications. Puma is intended for use in both development and
production environments. It's great for highly parallel Ruby implementations
such as Rubinius and JRuby as well as as providing process worker support to
support CRuby well.
--------------------------------------------------------------------------------
Update Information:
Update to Puma 5.6.5.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Aug 25 2022 V��t Ondruch <vondruch(a)redhat.com> - 5.6.5-1
- Update to Puma 5.6.5.
Resolves: rhbz#2046576
Resolves: rhbz#2113697
Resolves: rhbz#2071625
Resovles: rhbz#2054212
* Sat Jul 23 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 5.5.2-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2054211 - CVE-2022-23634 rubygem-puma: rubygem-rails: information leak
between requests
https://bugzilla.redhat.com/show_bug.cgi?id=2054211
[ 2 ] Bug #2071616 - CVE-2022-24790 puma-5.6.4: http request smuggling vulnerabilities
https://bugzilla.redhat.com/show_bug.cgi?id=2071616
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-7c8b29195f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------