ELA-1081-1 ruby-rack security update

multiple vulnerabilities

2024-04-29
Package: ruby-rack
Version: 1.6.4-4+deb9u6 (stretch)
Related CVEs: CVE-2024-26141 CVE-2024-26146


Multiple vulnerabilities were fixed in ruby-rack, an interface for developing web applications in Ruby.

CVE-2024-26141

Reject Range headers which are too large

CVE-2024-26146

ReDoS in Accept header parsing


For Debian 9 stretch, these problems have been fixed in version 1.6.4-4+deb9u6.

We recommend that you upgrade your ruby-rack packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.