Debian-LTS has issued an advisory on January 10:
https://www.debian.org/lts/security/2023/dla-3264

The issue is fixed upstream in 2.2.3 and 3.0.4:
https://github.com/sinatra/sinatra/security/advisories/GHSA-2x8x-jmrp-phxw

Mageia 8 is also affected.
Status comment: (none) => Fixed upstream in 2.2.3 and 3.0.4
Whiteboard: (none) => MGA8TOO
Fixed in cauldron by updating to 3.0.4 and in 8 by backporting https://github.com/sinatra/sinatra/commit/1808bcdf3424eab0c659ef2d0e85579aab977a1a
ruby-sinatra-2.0.8.1-1.2.mga8 from ruby-sinatra-2.0.8.1-1.2.mga8.src.rpm
CC: (none) => pterjan
Assignee: pterjan => qa-bugs
Version: Cauldron => 8
Whiteboard: MGA8TOO => (none)
Status comment: Fixed upstream in 2.2.3 and 3.0.4 => (none)
MGA8-64 MATE on Acer Aspire 5253
No installation issues.
I'm not at all familiar with ruby e.a. but found bug 30542 Comment 4 that I more or less could grasp.

    $ cd Documents/
    $ mkdir public
    $ echo bar > public/foo.html
    $ ruby -rsinatra -e "get '/' do 'Hello world'; end"&
    [1] 12356
    $ [2023-01-19 11:14:03] INFO WEBrick 1.6.1
    [2023-01-19 11:14:03] INFO ruby 2.7.7 (2022-11-24) [x86_64-linux]
    == Sinatra (v2.0.8.1) has taken the stage on 4567 for development with backup from WEBrick
    [2023-01-19 11:14:03] INFO WEBrick::HTTPServer#start: pid=12356 port=4567

This was all feedback on the ruby command and then this terminal session was waiting.
On another tab in the terminal I did then

    $ GET 127.0.0.1:4567/foo.html
    bar

and got on the first tab the feedback

    127.0.0.1 - - [19/Jan/2023:11:15:07 +0100] "GET /foo.html HTTP/1.1" 200 4 0.0396
    127.0.0.1 - - [19/Jan/2023:11:15:07 CET] "GET /foo.html HTTP/1.1" 200 4
    - -> /foo.html

I expected to see the 'Hello world' somewhere in the feedback, but on the other hand the content of the foo.html appears at the place I expected.
Really not sure what this all means ....
CC: (none) => herman.viaene
@Herman, re comment 3:
The 'Hello world' message does turn up, in a browser at localhost:4567/
No idea how you would progress any further. Reckon you should pass it.
CC: (none) => tarazed25
Since no one else is forthcoming, I'm going to give this an OK based on Comments 3 and 4. If that is a problem, please let us know. Validating.
Whiteboard: (none) => MGA8-64-OK
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
CC: (none) => davidwhodgins
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2023-0029.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED