Control: tags -1 patch
I am uploading a NMU to fix this.
Please find the debdiff attached.
diff -Nru ruby-rack-session-2.1.0/debian/changelog ruby-rack-session-2.1.1/debian/changelog
--- ruby-rack-session-2.1.0/debian/changelog 2025-03-08 16:10:24.000000000 +0100
+++ ruby-rack-session-2.1.1/debian/changelog 2025-07-15 13:10:44.000000000 +0200
@@ -1,3 +1,10 @@
+ruby-rack-session (2.1.1-0.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * New upstream version 2.1.1. (Closes: #1104928, CVE-2025-46336)
+
+ -- Bastian Germann <
bage@debian.org> Tue, 15 Jul 2025 13:10:44 +0200
+
ruby-rack-session (2.1.0-1) unstable; urgency=medium
* New upstream version 2.1.0.
diff -Nru ruby-rack-session-2.1.0/lib/rack/session/pool.rb ruby-rack-session-2.1.1/lib/rack/session/pool.rb
--- ruby-rack-session-2.1.0/lib/rack/session/pool.rb 2025-01-04 08:40:54.000000000 +0100
+++ ruby-rack-session-2.1.1/lib/rack/session/pool.rb 2025-05-06 12:54:57.000000000 +0200
@@ -53,6 +53,7 @@
def write_session(req, session_id, new_session, options)
@mutex.synchronize do
+ return false unless get_session_with_fallback(session_id)
@pool.store session_id.pri