| Release | Version |
|---|---|
| stretch | 3.6.0-1+deb9u2 |
| buster | 3.12.0-2+deb10u2 |
| buster (security) | 3.12.0-2+deb10u3 |
| bullseye | 4.3.8-1 |
| bullseye (security) | 4.3.8-1+deb11u2 |
| bookworm | 5.6.5-3 |
| trixie | 6.4.2-4 |
| sid | 6.4.2-4 |
| Bug | stretch | buster | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-21647 | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | Puma is a web server for Ruby/Rack applications built for parallelism. ... |
| CVE-2023-40175 | vulnerable | vulnerable (no DSA, ignored) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | Puma is a Ruby/Rack web server built for parallelism. Prior to version ... |
| CVE-2022-24790 | vulnerable (no DSA) | fixed | fixed | fixed | fixed | fixed | Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for R ... |
| CVE-2021-41136 | vulnerable (no DSA) | fixed | fixed | fixed | fixed | fixed | Puma is a HTTP 1.1 server for Ruby/Rack applications. Prior to version ... |
| Bug | Description |
|---|---|
| CVE-2022-23634 | Puma is a Ruby/Rack web server built for parallelism. Prior to `puma` ... |
| CVE-2021-29509 | Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications. The f ... |
| CVE-2020-11077 | In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a re ... |
| CVE-2020-11076 | In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle a ... |
| CVE-2020-5249 | In Puma (RubyGem) before 4.3.3 and 3.12.4, if an application using Pum ... |
| CVE-2020-5247 | In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application us ... |
| CVE-2019-16770 | In Puma before versions 3.12.2 and 4.3.1, a poorly-behaved client coul ... |
| DSA / DLA | Description |
|---|---|
| DLA-3083-1 | puma - security update |
| DLA-3023-1 | puma - security update |
| DSA-5146-1 | puma - security update |
| DLA-2398-1 | puma - security update |