Overview

File _patchinfo of Package patchinfo.15625

<patchinfo incident="15625">
  <issue tracker="jsc" id="SLE-6965"/>
  <issue tracker="bnc" id="1172175">VUL-1: CVE-2020-11077: rubygem-puma: client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client</issue>
  <issue tracker="bnc" id="1172176">VUL-1: CVE-2020-11076: rubygem-puma:  attacker could smuggle an HTTP response, by using an invalid transfer-encoding header</issue>
  <issue tracker="cve" id="2020-11076"/>
  <issue tracker="cve" id="2020-11077"/>
  <packager>dmaiocchi</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for rubygem-puma</summary>
  <description>This update for rubygem-puma to version 4.3.5 fixes the following issues:

- CVE-2020-11077: Fixed a HTTP smuggling issue related to proxy usage (bsc#1172175).
- CVE-2020-11076: Fixed a HTTP smuggling issue when using an invalid transfer-encoding header (bsc#1172176).
- Disabled TLSv1.0 and TLSv1.1 (jsc#SLE-6965).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places