Your message dated Tue, 10 Feb 2026 15:48:59 +0000
with message-id <[email protected]>
and subject line Bug#1123966: fixed in ruby-httparty 0.24.2-2
has caused the Debian Bug report #1123966,
regarding ruby-httparty: CVE-2025-68696
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1123966: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123966
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: ruby-httparty
Version: 0.21.0-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for ruby-httparty.
CVE-2025-68696[0]:
| httparty is an API tool. In versions 0.23.2 and prior, httparty is
| vulnerable to SSRF. This issue can pose a risk of leaking API keys,
| and it can also allow third parties to issue requests to internal
| servers. This issue has been patched via commit 0529bcd.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-68696
https://www.cve.org/CVERecord?id=CVE-2025-68696
[1]
https://github.com/jnunemaker/httparty/security/advisories/GHSA-hm5p-x4rq-38w4
[2]
https://github.com/jnunemaker/httparty/security/advisories/GHSA-hm5p-x4rq-38w4
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: ruby-httparty
Source-Version: 0.24.2-2
Done: Cédric Boutillier <[email protected]>
We believe that the bug you reported is fixed in the latest version of
ruby-httparty, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Cédric Boutillier <[email protected]> (supplier of updated ruby-httparty
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 10 Feb 2026 13:50:10 +0100
Source: ruby-httparty
Architecture: source
Version: 0.24.2-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Ruby Team
<[email protected]>
Changed-By: Cédric Boutillier <[email protected]>
Closes: 1123966
Changes:
ruby-httparty (0.24.2-2) unstable; urgency=medium
.
* Mention that this upstream version fixes CVE-2025-68696.
Changelog entry updated accordingly. (Closes: #1123966)
Checksums-Sha1:
9b3c846d8e5d119c56cf443b972ca83200b992bb 1540 ruby-httparty_0.24.2-2.dsc
ee9fbb165d114f8ace47a2233dd753a8d51f2eec 108805
ruby-httparty_0.24.2.orig.tar.gz
4a3b8358206aca34a449aa57b5ee80a361ff0d09 6868
ruby-httparty_0.24.2-2.debian.tar.xz
58c5d44e713e475ed1efd984ba832fc074c76e18 6275
ruby-httparty_0.24.2-2_amd64.buildinfo
Checksums-Sha256:
9bf5177739899cf5239cb28051d00a07efa1507e12d2bfceb366b915c662261e 1540
ruby-httparty_0.24.2-2.dsc
8dddb5186f2dfc3cc6c8236333d6495e91b25f0dd6979f83770041a3638b619d 108805
ruby-httparty_0.24.2.orig.tar.gz
63e94d7827dd83e51220294503b79abb4f2073495acf2fe025badcfd81e09809 6868
ruby-httparty_0.24.2-2.debian.tar.xz
d7287832b3e1c84b0b0d129f91b74f6908cd596e9d76067c265cccf5a7b8cc8c 6275
ruby-httparty_0.24.2-2_amd64.buildinfo
Files:
cfe2bf35f1a492fca245240d6eb7ce8d 1540 ruby optional ruby-httparty_0.24.2-2.dsc
093f388edc1f85db6072d6bf760371ec 108805 ruby optional
ruby-httparty_0.24.2.orig.tar.gz
fd453fff19fb90a9b0f9ed1aad3442cd 6868 ruby optional
ruby-httparty_0.24.2-2.debian.tar.xz
ce1d7b96feeb83f0d4434e474016b4cd 6275 ruby optional
ruby-httparty_0.24.2-2_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iHUEARYKAB0WIQSEz/3CFSD4gwbsKdFSaZq2P58rwwUCaYtQxAAKCRBSaZq2P58r
w7D3AQD/WJ5hhFQ208pdQHz9JQ6m9oZoSUhdTl3AG/R6FaBeJgEAtqge89IzeYSv
0QJceCRmXcaZgN6KV2FCZmEfpV9C7Qo=
=T4cF
-----END PGP SIGNATURE-----
pgpR6wmd2XDkP.pgp
Description: PGP signature
--- End Message ---
