File _patchinfo of Package patchinfo.37788

<patchinfo incident="37788">
  <packager>aburlakov</packager>
  <issue tracker="cve" id="2025-25184"></issue>
  <issue tracker="cve" id="2025-27111"></issue>
  <issue tracker="bnc" id="1238607">VUL-0: CVE-2025-27111: rubygem-rack: Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection</issue>
  <issue tracker="bnc" id="1237141">VUL-0: CVE-2025-25184: rubygem-rack: Rack::CommonLogger can be exploited by crafting input that includes newline characters to manipulate log entries</issue>
  <issue tracker="cve" id="2025-27610"></issue>
  <issue tracker="bnc" id="1239298">VUL-0: CVE-2025-27610: rubygem-rack,rubygem-rack-1_6,rubygem-rack-2.2: improper sanitization of user-supplied paths when serving files leading to local file inclusion</issue>
  <category>security</category>
  <rating>important</rating>
  <summary>Security update for rubygem-rack</summary>
  <description>This update for rubygem-rack fixes the following issues:

- CVE-2025-25184: Fixed escape sequence injection vulnerability in rack leading to possible log injection (bsc#1237141)
- CVE-2025-27111: Fixed escape sequence injection vulnerability in rack leading to possible log injection (bsc#1238607)
- CVE-2025-27610: Fixed improper sanitization of user-supplied paths (bsc#1239298)
</description>
</patchinfo>