--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-fe354f24e8
2020-09-25 16:31:57.895565
--------------------------------------------------------------------------------
Name : rubygem-puma
Product : Fedora 33
Version : 4.3.6
Release : 1.fc33
URL :
http://puma.io
Summary : A simple, fast, threaded, and highly concurrent HTTP 1.1 server
Description :
Puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server for
Ruby/Rack applications. Puma is intended for use in both development and
production environments. It's great for highly concurrent Ruby implementations
such as Rubinius and JRuby as well as as providing process worker support to
support CRuby well.
--------------------------------------------------------------------------------
Update Information:
Update to Puma 4.3.6.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 7 2020 V��t Ondruch <vondruch(a)redhat.com> - 4.3.6-1
- Update to Puma 4.3.6.
Resolves: rhbz#1837148
Resolves: rhbz#1863729
Resolves: rbhz#1842535
Resolves: rbhz#1842540
- Fix the man pages generation and move them into the main package.
* Sat Aug 1 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.3.3-3
- Second attempt - Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed Jul 29 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.3.3-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1842534 - CVE-2020-11077 rubygem-puma: HTTP Smuggling through a proxy via
Transfer-Encoding Header
https://bugzilla.redhat.com/show_bug.cgi?id=1842534
[ 2 ] Bug #1842539 - CVE-2020-11076 rubygem-puma: HTTP Smuggling via an invalid
Transfer-Encoding Header
https://bugzilla.redhat.com/show_bug.cgi?id=1842539
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-fe354f24e8' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------