Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
62355db4 by Salvatore Bonaccorso at 2025-04-21T19:35:17+02:00
Add Debian bug references for ruby3.1 issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -15984,7 +15984,7 @@ CVE-2025-27521 (Vulnerability of improper access
permission in the process manag
CVE-2025-27221 (In the URI gem before 1.0.3 for Ruby, the URI handling methods
(URI.jo ...)
{DLA-4082-1}
- ruby3.3 3.3.7-2
- - ruby3.1 <unfixed>
+ - ruby3.1 <unfixed> (bug #1103794)
[bookworm] - ruby3.1 <no-dsa> (Minor issue)
- ruby2.7 <removed>
- rubygems 3.6.6-1
@@ -15996,7 +15996,7 @@ CVE-2025-27221 (In the URI gem before 1.0.3 for Ruby,
the URI handling methods (
CVE-2025-27220 (In the CGI gem before 0.4.2 for Ruby, a Regular Expression
Denial of S ...)
{DLA-4082-1}
- ruby3.3 3.3.7-2
- - ruby3.1 <unfixed>
+ - ruby3.1 <unfixed> (bug #1103793)
[bookworm] - ruby3.1 <no-dsa> (Minor issue)
- ruby2.7 <removed>
NOTE:
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/cgi/CVE-2025-27220.yml
@@ -16005,7 +16005,7 @@ CVE-2025-27220 (In the CGI gem before 0.4.2 for Ruby, a
Regular Expression Denia
CVE-2025-27219 (In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse
method in ...)
{DLA-4082-1}
- ruby3.3 3.3.7-2
- - ruby3.1 <unfixed>
+ - ruby3.1 <unfixed> (bug #1103792)
[bookworm] - ruby3.1 <no-dsa> (Minor issue)
- ruby2.7 <removed>
NOTE:
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/cgi/CVE-2025-27219.yml
@@ -25392,7 +25392,7 @@ CVE-2025-25188 (Hickory DNS is a Rust based DNS client,
server, and resolver. A
NOTE: Fixed by:
https://github.com/hickory-dns/hickory-dns/commit/e118c6eec569f4340421f86ee0686714010c63e9
(0.24.3)
CVE-2025-25186 (Net::IMAP implements Internet Message Access Protocol (IMAP)
client fu ...)
- ruby3.3 3.3.8-1
- - ruby3.1 <removed>
+ - ruby3.1 <removed> (bug #1103791)
[bookworm] - ruby3.1 <no-dsa> (Minor issue)
NOTE:
https://github.com/ruby/net-imap/security/advisories/GHSA-7fc5-f82f-cx69
NOTE: Fixed by:
https://github.com/ruby/net-imap/commit/70e3ddd071a94e450b3238570af482c296380b35
(v0.5.6)
@@ -56066,7 +56066,7 @@ CVE-2024-49761 (REXML is an XML toolkit for Ruby. The
REXML gem before 3.3.9 has
{DLA-4018-1}
- ruby3.3 <unfixed>
- ruby3.2 <removed>
- - ruby3.1 <unfixed>
+ - ruby3.1 <unfixed> (bug #1103790)
[bookworm] - ruby3.1 <no-dsa> (Minor issue)
- ruby2.7 <removed>
NOTE:
https://github.com/ruby/rexml/security/advisories/GHSA-2rxp-v6pw-ch6m
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/62355db470dd3b2407784b61f0ddea039ed4ddd4
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/62355db470dd3b2407784b61f0ddea039ed4ddd4
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
