puma (5.6.5-3+deb12u1) bookworm; urgency=medium
author Abhijith PA <abhijith@debian.org>
Wed, 29 Jan 2025 01:56:33 +0000 (07:26 +0530)
committer Abhijith PA <abhijith@debian.org>
Wed, 29 Jan 2025 01:56:33 +0000 (07:26 +0530)
commit 4b77c3e0a2cb68e04cb2a3fa71802f4494c0c17c
tree c3fe11b471c65e52df6ffc96fad64511acbb9662
parent 0532c5aa35586c0cb4215a28ef23a0616b4c8e3d
parent bbae1b28e6f6f265c6f89dda34c24ae2e192d064
puma (5.6.5-3+deb12u1) bookworm; urgency=medium

  * Team upload
  * d/patches/
   + CVE-2023-40175.patch: Fix CVE-2023-40175, incorrect behavior when
     parsing chunked transfer encoding bodies and zero-length
     Content-Length headers in a way that allowed HTTP request
     smuggling. (Closes: #1050079)

   + CVE-2024-21647.patch: Fix CVE-2024-21647 by limiting the size of
     chunk extensions. (Closes: #1060345)

   + CVE-2024-45614.patch: Fix CVE-2024-45614, clients could clobber
     values set by intermediate proxies (such as X-Forwarded-For) by
     providing an underscore version of the same header.
     (Closes: #1082379)

[dgit import unpatched puma 5.6.5-3+deb12u1]
29 files changed:
debian/README.source
debian/changelog
debian/clean
debian/control
debian/copyright
debian/gbp.conf
debian/patches/0004-puma.gemspec-drop-git-usage.patch
debian/patches/0011-disable-minitest-extensions.patch
debian/patches/0012-disable-cli-ssl-tests.patch
debian/patches/0013-fix-test-term-not-accepts-new-connections.patch
debian/patches/0014-disable-test-failing-on-amd64.patch
debian/patches/CVE-2023-40175.patch
debian/patches/CVE-2024-21647.patch
debian/patches/CVE-2024-45614.patch
debian/patches/series
debian/puma.1
debian/puma.docs
debian/puma.examples
debian/puma.lintian-overrides
debian/puma.manpages
debian/pumactl.1
debian/ruby-tests.rake
debian/rules
debian/salsa-ci.yml
debian/source/format
debian/source/lintian-overrides
debian/tests/control
debian/upstream/metadata
debian/watch