-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 05 Mar 2026 17:34:17 +0530
Source: ruby-rack
Binary: ruby-rack
Architecture: all
Version: 2.2.22-0+deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: all Build Daemon (x86-csail-02) <buildd_all-x86-csail-02@buildd.debian.org>
Changed-By: Utkarsh Gupta <utkarsh@debian.org>
Description:
 ruby-rack  - modular Ruby webserver interface
Closes: 1128479 1128480
Changes:
 ruby-rack (2.2.22-0+deb12u1) bookworm-security; urgency=high
 .
   * New upstream version 2.2.22.
     - CVE-2026-25500: XSS injection via malicious filename
       in `Rack::Directory`. (Closes: #1128480)
     - CVE-2026-22860: Directory traversal via root prefix
       bypass in `Rack::Directory`. (Closes: #1128479)
Checksums-Sha1:
 60313b104e635422ed0bc2abdefc22d520108283 9736 ruby-rack_2.2.22-0+deb12u1_all-buildd.buildinfo
 925538d9455f0039e0d0461b23311d77f47da34e 136408 ruby-rack_2.2.22-0+deb12u1_all.deb
Checksums-Sha256:
 41980c78ec2f38bc3b8817efbadf19dd66dd267115f835efe8a9f413ba4de9ff 9736 ruby-rack_2.2.22-0+deb12u1_all-buildd.buildinfo
 18bab2c3caffa2b1a35cd73d49652d749909e87fd2d5b57dd4a594a02a6ad157 136408 ruby-rack_2.2.22-0+deb12u1_all.deb
Files:
 fae4cf9899baa06829a943c268079528 9736 ruby optional ruby-rack_2.2.22-0+deb12u1_all-buildd.buildinfo
 a62f4fcda5e673e2735446347630acfc 136408 ruby optional ruby-rack_2.2.22-0+deb12u1_all.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXLxUpUHQBQBTDtd4aBVi67oXtfkFAmm9aG0ACgkQaBVi67oX
tfkLDRAAsIy+KCmvrhp9IOWPPRDnpuyIaHpTgNFsmUsWtrr78MQeX9/XICkCLzCt
3p8KqriNFIeSBR1nj4dZjVTBykU/XGDtXSsZuTSYGkC5w9UtVxmah14Uqf7psntC
sZPWPFtegV1qQpm8I47VvP/oUUHylB5ymnH194BqMiKH2RC+XbYWKKxcYIAWhWPt
ciPfas+i/ymZEQSiPSFG+U1Te6kdmSKbEuYXFWHtSw4zpKcD6cO8EB51zzOSTNPa
uFAmYjcuhBEurYeiGjscqE0n92IePhcubPge430SCj/u9FI6VjB7dbOa51XHHUZJ
3I75gCfYiCbyv5zWP/tE6EyMx1YzjnI8L3OQHtccjFDBxZgDCEnm+cGCDwpuO7W6
DFBuTx6uMWOEbqIhriBvqa1R84X6Ivh4NhpH8T9df0yB6byIYykz93PjegyudKfu
SbMHuIjTOrmdGMutWORR76yh2O2tIU2RTiUxnfq/U/yilrm5hpDZggxGEnmrnemU
1Yf6pW7tX1NFclTEtoOJWxqK6qyJw60TedgdYmPcfkphL2/ZSFDu555lB32J/zVH
omIn9BJKdhFakj9n6ZkxbMUlsaIOlPUaK2ur5OFUtS8RLCcyaVzD9iHQawwUOBGH
jCn2o3CACwJR7AR28k3+JpZ1FKmLQHXzzbaqohYOpEY7fooyQdU=
=+EEN
-----END PGP SIGNATURE-----