Subject: CVS commit: pkgsrc/www/ruby-puma
From: Takahiro Kambe
Date: 2024-09-22 14:37:41
Message id: 20240922123741.75850FC74@cvs.NetBSD.org
Log Message:
www/ruby-puma: update to 6.4.3

6.4.3 (2024-09-19)

Security

* Discards any headers using underscores if the non-underscore version also
  exists.  Without this, an attacker could overwrite values set by
  intermediate proxies (e.g. X-Forwarded-For).
  (CVE-2024-45614/GHSA-9hf4-67fc-4vf4)
Files:
RevisionActionfile
1.45modifypkgsrc/www/ruby-puma/Makefile
1.41modifypkgsrc/www/ruby-puma/distinfo