Overview

File _patchinfo of Package patchinfo.38666

<patchinfo incident="38666">
  <issue tracker="cve" id="2025-46727"/>
  <issue tracker="cve" id="2025-32441"/>
  <issue tracker="bnc" id="1242894">VUL-0: CVE-2025-46727: rubygem-rack: rack: Unbounded-Parameter DoS in Rack:QueryParser</issue>
  <issue tracker="bnc" id="1242899">VUL-0: CVE-2025-32441: rubygem-rack: rack: Rack Session Reuse Vulnerability</issue>
  <packager>aburlakov</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for rubygem-rack</summary>
  <description>This update for rubygem-rack fixes the following issues:

- CVE-2025-46727: possible memory exhaustion due to unbounded parameter parsing in Rack::QueryParser (bsc#1242894).
- CVE-2025-32441: deleted sessions can be restored and occupied by unauthenticated users when the Rack::Session::Pool
  middleware is being used (bsc#1242899). 
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places