Information on source package puma

Available versions

ReleaseVersion
stretch3.6.0-1+deb9u2
buster3.12.0-2+deb10u3
bullseye4.3.8-1+deb11u2
bookworm5.6.5-3
trixie6.4.2-6
sid6.4.2-6

Open issues

BugstretchbusterbullseyebookwormtrixiesidDescription
CVE-2024-45614vulnerablevulnerablevulnerablevulnerablevulnerablevulnerablePuma is a Ruby/Rack web server built for parallelism. In affected vers ...
CVE-2024-21647vulnerablevulnerable (no DSA)vulnerable (no DSA)vulnerable (no DSA)fixedfixedPuma is a web server for Ruby/Rack applications built for parallelism. ...
CVE-2023-40175vulnerablevulnerable (no DSA, ignored)vulnerable (no DSA, ignored)vulnerable (no DSA)fixedfixedPuma is a Ruby/Rack web server built for parallelism. Prior to version ...
CVE-2022-24790vulnerable (no DSA)fixedfixedfixedfixedfixedPuma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for R ...
CVE-2021-41136vulnerable (no DSA)fixedfixedfixedfixedfixedPuma is a HTTP 1.1 server for Ruby/Rack applications. Prior to version ...

Resolved issues

BugDescription
CVE-2022-23634Puma is a Ruby/Rack web server built for parallelism. Prior to `puma` ...
CVE-2021-29509Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications. The f ...
CVE-2020-11077In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a re ...
CVE-2020-11076In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle a ...
CVE-2020-5249In Puma (RubyGem) before 4.3.3 and 3.12.4, if an application using Pum ...
CVE-2020-5247In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application us ...
CVE-2019-16770In Puma before versions 3.12.2 and 4.3.1, a poorly-behaved client coul ...

Security announcements

DSA / DLADescription
DLA-3083-1puma - security update
DLA-3023-1puma - security update
DSA-5146-1puma - security update
DLA-2398-1puma - security update

Search for package or bug name: Reporting problems