| Package | ruby-rack |
|---|---|
| Version | 1.6.4-4+deb9u4 (stretch) |
| Related CVEs | CVE-2022-44570 CVE-2022-44571 |
A couple of ReDoS vulnerabilities were found in multipart parser and Rack::Utils.byte_ranges in ruby-rack, a modular Ruby webserver interface.
For Debian 9 stretch, these problems have been fixed in version 1.6.4-4+deb9u4.
We recommend that you upgrade your ruby-rack packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.