From: Raspbian automatic forward porter <root@raspbian.org>
Date: Fri, 21 Mar 2025 16:45:38 +0000 (+0000)
Subject: Merge version 5.6.5-3+rpi1 and 5.6.5-3+deb12u1 to produce 5.6.5-3+rpi1+deb12u1
X-Git-Tag: archive/raspbian/5.6.5-3+rpi1+deb12u1^0
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=5a5b2525cbd5bc2fcb724a2d6628b2d32ed6b7ba;p=puma.git

Merge version 5.6.5-3+rpi1 and 5.6.5-3+deb12u1 to produce 5.6.5-3+rpi1+deb12u1
---

5a5b2525cbd5bc2fcb724a2d6628b2d32ed6b7ba
diff --cc debian/changelog
index b0be608,bcafd37..902876e
--- a/debian/changelog
+++ b/debian/changelog
@@@ -1,11 -1,21 +1,30 @@@
- puma (5.6.5-3+rpi1) bookworm-staging; urgency=medium
++puma (5.6.5-3+rpi1+deb12u1) bookworm-staging; urgency=medium
 +
 +  [changes brought forward from 5.5.2-2+rpi1 by Peter Michael Green <plugwash@raspbian.org> at Thu, 09 Dec 2021 21:50:38 +0000]
 +  * Be more agressive about forcing UTF-8 locale.
 +  * Fix clean target
 +  * Disable testsuite
 +
-  -- Peter Michael Green <plugwash@raspbian.org>  Thu, 27 Jul 2023 22:36:41 +0000
++ -- Raspbian forward porter <root@raspbian.org>  Fri, 21 Mar 2025 16:45:38 +0000
++
+ puma (5.6.5-3+deb12u1) bookworm; urgency=medium
+ 
+   * Team upload
+   * d/patches/
+    + CVE-2023-40175.patch: Fix CVE-2023-40175, incorrect behavior when
+      parsing chunked transfer encoding bodies and zero-length
+      Content-Length headers in a way that allowed HTTP request
+      smuggling. (Closes: #1050079)
+ 
+    + CVE-2024-21647.patch: Fix CVE-2024-21647 by limiting the size of
+      chunk extensions. (Closes: #1060345)
+ 
+    + CVE-2024-45614.patch: Fix CVE-2024-45614, clients could clobber
+      values set by intermediate proxies (such as X-Forwarded-For) by
+      providing a underscore version of the same header.
+      (Closes: #1082379)
+ 
+  -- Abhijith PA <abhijith@debian.org>  Wed, 29 Jan 2025 07:26:33 +0530
  
  puma (5.6.5-3) unstable; urgency=medium