puma (3.6.0-1+deb9u2) stretch-security; urgency=high

  * Non-maintainer upload by the LTS team.
  * Fix CVE-2019-16770: client could use keepalive requests to monopolize
    Puma's reactor and create a denial of service attack
  * Fix CVE-2020-5247: HTTP Response Splitting
  * Fix CVE-2022-23634: Puma did not always close the response body which could
    lead to information leakage.

 -- Markus Koschany <apo@debian.org>  Wed, 25 May 2022 16:03:03 +0200

puma (3.6.0-1+deb9u1) stretch-security; urgency=medium

  * Non-maintainer upload by the Debian LTS Team.
  * Fix CVE-2020-11076 and CVE-2020-11077 : misuse of invalid
    transfer-encoding header

 -- Abhijith PA <abhijith@debian.org>  Fri, 02 Oct 2020 23:06:04 +0530

puma (3.6.0-1) unstable; urgency=medium

  * Initial release (Closes: #720336)

 -- Antonio Terceiro <terceiro@debian.org>  Thu, 10 Nov 2016 16:47:06 -0200
