Overview

File _patchinfo of Package patchinfo.23824

<patchinfo incident="23824">
  <issue tracker="bnc" id="1188527">VUL-0: CVE-2021-29509: rubygem-puma: incomplete fix for  allows Denial of Service (DoS)</issue>
  <issue tracker="bnc" id="1196222">VUL-0: CVE-2022-23634: rubygem-puma: information leak between requests</issue>
  <issue tracker="bnc" id="1191681">VUL-1: CVE-2021-41136: rubygem-puma: request smuggling if HTTP header value contains the LF character</issue>
  <issue tracker="cve" id="2021-41136"/>
  <issue tracker="cve" id="2021-29509"/>
  <issue tracker="cve" id="2022-23634"/>
  <packager>jeremy_moffitt</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for rubygem-puma</summary>
  <description>This update for rubygem-puma fixes the following issues:

rubygem-puma was updated to version 4.3.11:

* CVE-2021-29509: Adjusted an incomplete fix for  allows Denial of Service (DoS) (bsc#1188527)
* CVE-2021-41136: Fixed request smuggling if HTTP header value contains the LF character (bsc#1191681)
* CVE-2022-23634: Fixed information leak between requests (bsc#1196222)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places