-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 10 Mar 2026 09:44:22 +0530
Source: ruby-rack
Binary: ruby-rack
Architecture: all
Version: 3.1.20-0+deb13u1
Distribution: trixie-security
Urgency: high
Maintainer: all Build Daemon (x86-grnet-02) <buildd_all-x86-grnet-02@buildd.debian.org>
Changed-By: Utkarsh Gupta <utkarsh@debian.org>
Description:
 ruby-rack  - modular Ruby webserver interface
Closes: 1128479 1128480
Changes:
 ruby-rack (3.1.20-0+deb13u1) trixie-security; urgency=high
 .
   * New upstream version 3.1.20.
     - CVE-2026-25500: XSS injection via malicious filename
       in `Rack::Directory`. (Closes: #1128480)
     - CVE-2026-22860: Directory traversal via root prefix
       bypass in `Rack::Directory`. (Closes: #1128479)
Checksums-Sha1:
 4732be2c217ecf2aaca236d9a9fd6d236f4f11d3 8366 ruby-rack_3.1.20-0+deb13u1_all-buildd.buildinfo
 ca5e307a2e6096fd0211bc83063422be10525458 100272 ruby-rack_3.1.20-0+deb13u1_all.deb
Checksums-Sha256:
 cfdbe997c5fd094655b5ba418a40f209f979d6fb20c14f0c124256c7506a67b6 8366 ruby-rack_3.1.20-0+deb13u1_all-buildd.buildinfo
 7552d548c1826daed2991ef003dd023b997547282da99fc8479a0fbbec315508 100272 ruby-rack_3.1.20-0+deb13u1_all.deb
Files:
 43b8b1c4f46d4003929e37208bdc8bbd 8366 ruby optional ruby-rack_3.1.20-0+deb13u1_all-buildd.buildinfo
 d0ef0f0b4151258aad03add5a5b4b414 100272 ruby optional ruby-rack_3.1.20-0+deb13u1_all.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE81O8NL+3kjBAqEvLmgPNRvTf/zcFAmnDEjMACgkQmgPNRvTf
/zeFhA/8DiPVbhtFbQtpl5gjOFgJfYlxyTL7fzLrkrsQipectbfKqhmw77rikZxp
VZFzspKdNW9ewE0ZxrQyfWrBIWDgXtQTShkW9B8+c84iRFnDn8cmaTb+aq6W3jfg
EH/Q5VkLvzHM8u3zt1B2YzEEjdvRgt8Xohj1CPBT5WhxfUxEFUZHbt76nbUtYyEM
NtBJkeazYbkGd1Vg7G9pH3SPoATWdgxMwLS38Glktc9xuHVokYdH9CSqzXs6PMIO
Si/oxZ93rKEKo2293bzt5fDrk/pTeznI9OQnvarNK2cr4ShuRCjQ31WIcYm3D/Ky
GgOQbJ/3SclOA+9MVsfVSqIjFYR95iXadGjiaIbWDKiasaa/mhTypc9PzqjDVoQu
CEHIbY/TTVvWz9H96NQbR4ZNksmzxgN0y5BTNr6FX9NKr2km6NVFKfB0eDXW5LKC
WJRb6kZa0IvAOxqoJyl/w4Jdwg5klYh1fhi9Yv5eFxzfEMHG5ttnpVimdKjmkIk7
NND660iz+a/zeNpuA8fnbtdqsZW9hihRUcD3OKbIar/n7Tn12cATgOSDEm0urDj7
56DmYBosyfmxRiWi5zPaJ8WP5tBBDkxoD3RJeIH73NWUXArq3y7U7EzUMHyo2L6T
tRW5ImsheVMUB3aQ3HyTyofPh/ANcIcaGxKX9dy1P9/Whvp5bKk=
=b982
-----END PGP SIGNATURE-----