Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
9a0e7209 by Salvatore Bonaccorso at 2025-04-25T09:16:51+02:00
mark ruby3.1 as removed from unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -16868,7 +16868,7 @@ CVE-2025-27521 (Vulnerability of improper access
permission in the process manag
CVE-2025-27221 (In the URI gem before 1.0.3 for Ruby, the URI handling methods
(URI.jo ...)
{DLA-4082-1}
- ruby3.3 3.3.7-2
- - ruby3.1 <unfixed> (bug #1103794)
+ - ruby3.1 <removed> (bug #1103794)
[bookworm] - ruby3.1 <no-dsa> (Minor issue)
- ruby2.7 <removed>
- rubygems 3.6.6-1
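Review bot: The commit message gives no reference for the removal (no removal request bug, no date), so the `<unfixed>` to `<removed>` flip on the `ruby3.1` line here cannot be checked from the commit alone. Citing the removal request in the message would make this and the identical edits in the later hunks verifiable. Keeping `(bug #1103794)` on the line matches the `<removed>` lines elsewhere in the file that retain their bug references, and the `[bookworm] - ruby3.1 <no-dsa>` line below is rightly left alone, since the message only concerns unstable.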
@@ -16880,7 +16880,7 @@ CVE-2025-27221 (In the URI gem before 1.0.3 for Ruby,
the URI handling methods (
CVE-2025-27220 (In the CGI gem before 0.4.2 for Ruby, a Regular Expression
Denial of S ...)
{DLA-4082-1}
- ruby3.3 3.3.7-2
- - ruby3.1 <unfixed> (bug #1103793)
+ - ruby3.1 <removed> (bug #1103793)
[bookworm] - ruby3.1 <no-dsa> (Minor issue)
- ruby2.7 <removed>
NOTE:
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/cgi/CVE-2025-27220.yml
@@ -16889,7 +16889,7 @@ CVE-2025-27220 (In the CGI gem before 0.4.2 for Ruby, a
Regular Expression Denia
CVE-2025-27219 (In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse
method in ...)
{DLA-4082-1}
- ruby3.3 3.3.7-2
- - ruby3.1 <unfixed> (bug #1103792)
+ - ruby3.1 <removed> (bug #1103792)
[bookworm] - ruby3.1 <no-dsa> (Minor issue)
- ruby2.7 <removed>
NOTE:
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/cgi/CVE-2025-27219.yml
@@ -56953,7 +56953,7 @@ CVE-2024-49761 (REXML is an XML toolkit for Ruby. The
REXML gem before 3.3.9 has
{DLA-4018-1}
- ruby3.3 3.3.6-1
- ruby3.2 <removed>
- - ruby3.1 <unfixed> (bug #1103790)
+ - ruby3.1 <removed> (bug #1103790)
[bookworm] - ruby3.1 <no-dsa> (Minor issue)
- ruby2.7 <removed>
NOTE:
https://github.com/ruby/rexml/security/advisories/GHSA-2rxp-v6pw-ch6m
@@ -72524,7 +72524,7 @@ CVE-2024-43398 (REXML is an XML toolkit for Ruby. The
REXML gem before 3.3.6 has
{DLA-4018-1}
- ruby3.3 3.3.5-1
- ruby3.2 <removed> (bug #1083191)
- - ruby3.1 <unfixed> (bug #1083190)
+ - ruby3.1 <removed> (bug #1083190)
[bookworm] - ruby3.1 <no-dsa> (Minor issue)
- ruby2.7 <removed>
NOTE:
https://github.com/ruby/rexml/security/advisories/GHSA-vmwr-mc7x-5vc3
@@ -78045,7 +78045,7 @@ CVE-2024-41946 (REXML is an XML toolkit for Ruby. The
REXML gem 3.3.2 has a DoS
{DLA-4018-1}
- ruby3.3 3.3.5-1
- ruby3.2 <removed> (bug #1083191)
- - ruby3.1 <unfixed> (bug #1083190)
+ - ruby3.1 <removed> (bug #1083190)
[bookworm] - ruby3.1 <no-dsa> (Minor issue)
- ruby2.7 <removed>
NOTE:
https://github.com/ruby/rexml/security/advisories/GHSA-5866-49gr-22v4
@@ -78068,7 +78068,7 @@ CVE-2024-41123 (REXML is an XML toolkit for Ruby. The
REXML gem before 3.3.2 has
{DLA-4018-1}
- ruby3.3 3.3.5-1
- ruby3.2 <removed> (bug #1083191)
- - ruby3.1 <unfixed> (bug #1083190)
+ - ruby3.1 <removed> (bug #1083190)
[bookworm] - ruby3.1 <no-dsa> (Minor issue)
- ruby2.7 <removed>
NOTE:
https://github.com/ruby/rexml/security/advisories/GHSA-r55c-59qm-vjw6
@@ -81953,7 +81953,7 @@ CVE-2024-39908 (REXML is an XML toolkit for Ruby. The
REXML gem before 3.3.1 has
{DLA-4018-1}
- ruby3.3 3.3.5-1 (bug #1076766)
- ruby3.2 <removed> (bug #1076767)
- - ruby3.1 <unfixed> (bug #1076768)
+ - ruby3.1 <removed> (bug #1076768)
[bookworm] - ruby3.1 <no-dsa> (Minor issue)
- ruby2.7 <removed>
NOTE:
https://www.ruby-lang.org/en/news/2024/07/16/dos-rexml-cve-2024-39908/
@@ -101557,7 +101557,7 @@ CVE-2024-35183 (wolfictl is a command line tool for
working with Wolfi. A git au
CVE-2024-35176 (REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6
has a den ...)
{DLA-4018-1}
- ruby3.2 <removed> (bug #1071627)
- - ruby3.1 <unfixed> (bug #1071626)
+ - ruby3.1 <removed> (bug #1071626)
[bookworm] - ruby3.1 <no-dsa> (Minor issue)
- ruby2.7 <removed>
- ruby2.5 <removed>
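Review bot: After this change every source-package line shown for CVE-2024-35176 (`ruby3.2`, `ruby3.1`, `ruby2.7`, `ruby2.5`) reads `<removed>`, and there is no `- ruby3.3` line between the `{DLA-4018-1}` reference and `ruby3.2`, where the other REXML entries in this commit list one with a fixed version. If a `ruby3.3` line does not follow below the shown context, consider adding one (a fixed version or `<not-affected>`) so the entry records why the current Ruby package is clean rather than leaving it implicit.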
@@ -119947,7 +119947,7 @@ CVE-2020-36825 (** UNSUPPORTED WHEN ASSIGNED ** **
DISPUTED ** A vulnerability h
CVE-2024-27281 (An issue was discovered in RDoc 6.3.3 through 6.6.2, as
distributed in ...)
{DSA-5677-1 DLA-3858-1}
- ruby3.2 <removed> (bug #1067802)
- - ruby3.1 <unfixed> (bug #1067803)
+ - ruby3.1 <removed> (bug #1067803)
- ruby2.7 <removed>
- ruby2.5 <removed>
NOTE:
https://www.ruby-lang.org/en/news/2024/03/21/rce-rdoc-cve-2024-27281/
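Review bot: Unlike the other entries touched by this commit, the `ruby3.1` line for CVE-2024-27281 has no `[bookworm] - ruby3.1` annotation beneath it, so once unstable reads `<removed>` the bookworm status rests entirely on the `{DSA-5677-1 DLA-3858-1}` cross-reference. Confirm that DSA-5677-1 lists `ruby3.1` for bookworm; if it does not, an explicit bookworm line is needed here. The same applies to the CVE-2024-27280 hunk that follows.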
@@ -119956,7 +119956,7 @@ CVE-2024-27281 (An issue was discovered in RDoc 6.3.3
through 6.6.2, as distribu
CVE-2024-27280 (A buffer-overread issue was discovered in StringIO 3.0.1, as
distribut ...)
{DSA-5677-1 DLA-3858-1}
- ruby3.2 <not-affected> (Fixed before initial upload to Debian)
- - ruby3.1 <unfixed> (bug #1069966)
+ - ruby3.1 <removed> (bug #1069966)
- ruby2.7 <removed>
- ruby2.5 <removed>
NOTE:
https://www.ruby-lang.org/en/news/2024/03/21/buffer-overread-cve-2024-27280/
@@ -182403,7 +182403,7 @@ CVE-2023-28757
RESERVED
CVE-2023-28756 (A ReDoS issue was discovered in the Time component through
0.2.1 in Ru ...)
{DLA-3858-1 DLA-3447-1 DLA-3408-1}
- - ruby3.1 <unfixed> (bug #1038408)
+ - ruby3.1 <removed> (bug #1038408)
[bookworm] - ruby3.1 <no-dsa> (Minor issue)
- ruby2.7 <removed>
- ruby2.5 <removed>
@@ -182420,7 +182420,7 @@ CVE-2023-28755 (A ReDoS issue was discovered in the
URI component through 0.12.0
- rubygems 3.4.20-1
[bookworm] - rubygems <no-dsa> (Minor issue)
[bullseye] - rubygems <no-dsa> (Minor issue)
- - ruby3.1 <unfixed> (bug #1038408)
+ - ruby3.1 <removed> (bug #1038408)
[bookworm] - ruby3.1 <no-dsa> (Minor issue)
- ruby2.7 <removed>
- ruby2.5 <removed>
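Review bot: Nothing in the commit shows that the thirteen edited lines are all of the `- ruby3.1 <unfixed>` entries in data/CVE/list. Every line changed, including this one with `(bug #1038408)`, carries a bug reference, so an entry without one could have been missed if the edit was driven by bug numbers. A search for `- ruby3.1 <unfixed>` over the file after applying the commit should return no matches; stating that in the commit message would close the question.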
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a0e7209c6dd4df45d76b002a4891cc8aa7d3888
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits