Merge version 5.6.5-3+rpi1 and 5.6.5-3+deb12u1 to produce 5.6.5-3+rpi1+deb12u1 bookworm-staging archive/raspbian/5.6.5-3+rpi1+deb12u1 raspbian/5.6.5-3+rpi1+deb12u1
author Raspbian automatic forward porter <root@raspbian.org>
Fri, 21 Mar 2025 16:45:38 +0000 (16:45 +0000)
committer Raspbian automatic forward porter <root@raspbian.org>
Fri, 21 Mar 2025 16:45:38 +0000 (16:45 +0000)
debian/changelog

index b0be608289e4f58c7d8d02881819f633f9e53694,bcafd375ebdd2f105683564bf22bc626c57203ab..902876e8aa37fb260cbae68bcc6d2d0d4fc8f6b8
@@@ -1,11 -1,21 +1,30 @@@
- puma (5.6.5-3+rpi1) bookworm-staging; urgency=medium
++puma (5.6.5-3+rpi1+deb12u1) bookworm-staging; urgency=medium
 +
 +  [changes brought forward from 5.5.2-2+rpi1 by Peter Michael Green <plugwash@raspbian.org> at Thu, 09 Dec 2021 21:50:38 +0000]
 +  * Be more agressive about forcing UTF-8 locale.
 +  * Fix clean target
 +  * Disable testsuite
 +
-  -- Peter Michael Green <plugwash@raspbian.org>  Thu, 27 Jul 2023 22:36:41 +0000
++ -- Raspbian forward porter <root@raspbian.org>  Fri, 21 Mar 2025 16:45:38 +0000
++
+ puma (5.6.5-3+deb12u1) bookworm; urgency=medium
+   * Team upload
+   * d/patches/
+    + CVE-2023-40175.patch: Fix CVE-2023-40175, incorrect behavior when
+      parsing chunked transfer encoding bodies and zero-length
+      Content-Length headers in a way that allowed HTTP request
+      smuggling. (Closes: #1050079)
+    + CVE-2024-21647.patch: Fix CVE-2024-21647 by limiting the size of
+      chunk extensions. (Closes: #1060345)
+    + CVE-2024-45614.patch: Fix CVE-2024-45614, clients could clobber
+      values set by intermediate proxies (such as X-Forwarded-For) by
+      providing a underscore version of the same header.
+      (Closes: #1082379)
+  -- Abhijith PA <abhijith@debian.org>  Wed, 29 Jan 2025 07:26:33 +0530
  
  puma (5.6.5-3) unstable; urgency=medium
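Review bot: the merged top stanza (5.6.5-3+rpi1+deb12u1) still carries forward "Disable testsuite", while the same merge pulls in three HTTP request-handling security patches (CVE-2023-40175, CVE-2024-21647, CVE-2024-45614), so as far as this changelog shows the Raspbian build runs no tests that would exercise those fixes. Suggest re-enabling at least the tests covering request parsing for this upload, or recording in the entry how the patched behaviour was verified on this build. The top stanza also lists only the forward-ported Raspbian changes; a line noting that it merges the security fixes from 5.6.5-3+deb12u1 would make the security content visible to anyone who reads only the newest entry.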