Overview

File _patchinfo of Package patchinfo.37860

<patchinfo incident="37860">
  <issue tracker="cve" id="2025-27610"/>
  <issue tracker="cve" id="2025-25184"/>
  <issue tracker="bnc" id="1239298">VUL-0: CVE-2025-27610: rubygem-rack,rubygem-rack-1_6,rubygem-rack-2.2: improper sanitization of user-supplied paths when serving files leading to local file inclusion</issue>
  <issue tracker="bnc" id="1237141">VUL-0: CVE-2025-25184: rubygem-rack: Rack::CommonLogger can be exploited by crafting input that includes newline characters to manipulate log entries</issue>
  <packager>aburlakov</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for rubygem-rack-1_6</summary>
  <description>This update for rubygem-rack-1_6 fixes the following issues:

- CVE-2025-27610: Fixed improper sanitization of user-supplied paths when serving files leading to local file inclusion (bsc#1239298).
- CVE-2025-25184: Fixed Rack::CommonLogger log entry manipulation (bsc#1237141).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places