ruby-rack (3.1.18-1) [PTS] [DDPO]

OK: VCS matches the version in the archive

Git: https://salsa.debian.org/ruby-team/ruby-rack.git
JSON
Enter a full Vcs-* header, supported schemes are: Vcs-Bzr, Vcs-Cvs, Vcs-Darcs, Vcs-Git, Vcs-Hg, Vcs-Mtn, Vcs-Svn.
For Vcs-Git append -b branch to select the branch name; append [subdir] if the debian/ directory is not in the repository root.
The next upload will reset the information from the source package headers.
Branch: debian/latest
Path: debian/changelog
Repo size: 1585152
Browser: https://salsa.debian.org/ruby-team/ruby-rack
Last scan: 2025-12-05 15:02:10+00
Next scan: 2025-12-11 19:07:00+00
Merge requests: 1
CI pipeline status: success

Debian changelog in Git:

ruby-rack (3.1.18-1) unstable; urgency=medium

  * New upstream version 3.1.18.
    - CVE-2025-61772: Multipart parser buffers unbounded per-part headers,
      enabling DoS (memory exhaustion).
    - CVE-2025-61771: Multipart parser buffers large non‑file fields
      entirely in memory, enabling DoS (memory exhaustion).
    - CVE-2025-61770: Unbounded multipart preamble buffering enables DoS
      (memory exhaustion).
    - CVE-2025-61780 Improper handling of headers in Rack::Sendfile may
      allow proxy bypass.
    - CVE-2025-61919 Unbounded read in Rack::Request form parsing can lead
      to memory exhaustion.
    - Closes: #1117855, #1117856, #1117627, #1117628

 -- Utkarsh Gupta <utkarsh@debian.org>  Wed, 22 Oct 2025 08:52:58 +0100

This branch is even with tag debian/3.1.18-1