Format: 1.8
Date: Thu, 05 Mar 2026 17:34:17 +0530
Source: ruby-rack
Built-For-Profiles: noudeb
Architecture: source
Version: 2.2.22-0+deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Debian Ruby Team
Changed-By: Utkarsh Gupta
Closes: 1128479 1128480
Changes:
 ruby-rack (2.2.22-0+deb12u1) bookworm-security; urgency=high
 .
   * New upstream version 2.2.22.
     - CVE-2026-25500: XSS injection via malicious filename in `Rack::Directory`. (Closes: #1128480)
     - CVE-2026-22860: Directory traversal via root prefix bypass in `Rack::Directory`. (Closes: #1128479)