ruby-rack (3.2.5-1) [PTS] [DDPO]

COMMITS: VCS has seen 3 commits since the debian/3.2.4-1 tag

Git: https://salsa.debian.org/ruby-team/ruby-rack.git
JSON
Enter a full Vcs-* header, supported schemes are: Vcs-Bzr, Vcs-Cvs, Vcs-Darcs, Vcs-Git, Vcs-Hg, Vcs-Mtn, Vcs-Svn.
For Vcs-Git append -b branch to select the branch name; append [subdir] if the debian/ directory is not in the repository root.
The next upload will reset the information from the source package headers.
Branch: debian/latest
Path: debian/changelog
Repo size: 2224128
Browser: https://salsa.debian.org/ruby-team/ruby-rack
Last scan: 2026-03-10 08:48:06+00
Next scan: 2026-03-18 05:23:00+00
CI pipeline status: success

Debian changelog in Git:

ruby-rack (3.2.5-1) unstable; urgency=medium

  * New upstream version 3.2.5.
    - CVE-2026-25500: XSS injection via malicious filename
      in `Rack::Directory`. (Closes: #1128480)
    - CVE-2026-22860: Directory traversal via root prefix
      bypass in `Rack::Directory`. (Closes: #1128479)

 -- Utkarsh Gupta <utkarsh@debian.org>  Tue, 03 Mar 2026 18:15:24 +0530

This branch is 3 commits ahead of tag debian/3.2.4-1

Git log:

commit 4539174a5578fb2c9d56741de89a505b976d80c3
Author: Utkarsh Gupta <utkarsh@ubuntu.com>
Date:   Tue Mar 10 08:33:26 2026 +0530

    Update d/ch for 3.2.5-1 release

commit bf8be5508d0f01c741d4193b8c8d794451f19b39
Merge: 94ac2ff a8885f1
Author: Utkarsh Gupta <utkarsh@ubuntu.com>
Date:   Tue Mar 10 08:32:20 2026 +0530

    Update upstream source from tag 'upstream/3.2.5'
    
    Update to upstream version '3.2.5'
    with Debian dir 07839d09c37e075afe260d276af459db3c4c7a2f

commit a8885f1705f06602d9c44abd13deb28ac809ae40
Author: Utkarsh Gupta <utkarsh@ubuntu.com>
Date:   Tue Mar 10 08:32:16 2026 +0530

    New upstream version 3.2.5