An advisory has been issued on December 18: https://www.openwall.com/lists/oss-security/2019/12/18/2 The issue is fixed upstream in 2.0.8. Mageia 7 is also affected.
Whiteboard: (none) => MGA7TOO
Assigning to Pascal because, in the absence of a registered maintainer, you have done the most recent commits for this package. Hope this is OK.
Assignee: bugsquad => pterjan
Status comment: (none) => Fixed upstream in 2.0.8
Fedora has issued an advisory for this on January 18: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/HZXMWILCICQLA2BYSP6I2CRMUG53YBLX/
openSUSE has issued an advisory for this on February 12: https://lists.opensuse.org/opensuse-updates/2020-02/msg00059.html
Pascal upgraded Cauldron to 2.2.2 on March 28.
Whiteboard: MGA7TOO => (none)Version: Cauldron => 7
Depends on: (none) => 26688
updated to version 2.0.8 to fix this bug. I kept the patch to fix 26688 too. ruby-rack-2.0.8-1.mga7
Assignee: pterjan => qa-bugsCC: (none) => mageia
We'll assign the newer bug to QA.
Assignee: qa-bugs => pterjan
Status comment: Fixed upstream in 2.0.8 => Fixed in Bug 26688
Fixed in: https://advisories.mageia.org/MGASA-2020-0252.html
Status: NEW => RESOLVEDResolution: (none) => FIXED