File rubygem-rack-CVE-2023-27539.patch of Package rubygem-rack.32804
Index: rack-2.0.8/lib/rack/request.rb
===================================================================
--- rack-2.0.8.orig/lib/rack/request.rb
+++ rack-2.0.8/lib/rack/request.rb
@@ -450,8 +450,8 @@ module Rack
def default_session; {}; end
def parse_http_accept_header(header)
- header.to_s.split(/\s*,\s*/).map do |part|
- attribute, parameters = part.split(/\s*;\s*/, 2)
+ header.to_s.split(",").each(&:strip!).map do |part|
+ attribute, parameters = part.split(";", 2).each(&:strip!)
quality = 1.0
if parameters and /\Aq=([\d.]+)/ =~ parameters
quality = $1.to_f
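Review bot: The two rewritten split lines in parse_http_accept_header carry no comment saying why literal "," and ";" delimiters with `each(&:strip!)` replace the `\s*,\s*` and `\s*;\s*` patterns, so a later cleanup could put the regex form back. I would add `# Split on literal delimiters, then strip: whitespace-padded regex delimiters are slow on long whitespace runs (CVE-2023-27539).` above the first split. The `each` is also load-bearing, because `strip!` returns nil when it removes nothing, so a second comment `# each, not map: strip! returns nil when the string is unchanged` would stop a rewrite to `map(&:strip!)` from turning parts into nil. The method body continues past the end of this hunk, so the rest of the quality parsing is not reviewed here.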