Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6fbbf48b by Salvatore Bonaccorso at 2025-12-31T10:59:54+01:00
Add CVE-2025-61594/ruby
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -15,7 +15,18 @@ CVE-2025-66723 (inMusic Brands Engine DJ 4.3.0 suffers from
Insecure Permissions
CVE-2025-62753 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-61594 (URI is a module providing classes to handle Uniform Resource
Identifie ...)
- TODO: check
+ - ruby3.3 <unfixed>
+ - ruby3.1 <removed>
+ - ruby2.7 <removed>
+ - rubygems <unfixed>
+ NOTE: https://www.ruby-lang.org/en/news/2025/10/07/uri-cve-2025-61594/
+ NOTE: Fixed by:
https://github.com/ruby/uri/commit/5cec76b9e8777764344fd4aee140e309ad207b68
(v1.0.4)
+ NOTE: Fixed by:
https://github.com/ruby/uri/commit/6c6449e15ffae7027bfe83134f0419f682e0b1ad
(v1.0.4)
+ NOTE: Fixed by:
https://github.com/ruby/uri/commit/d58589cae1b3c5fa2432b95fa28ed12793077935
(v0.13.3)
+ NOTE: Fixed by:
https://github.com/ruby/uri/commit/4be7781187707ffe8217a968b97b0f956462b4bb
(v0.13.3)
+ NOTE: Fixed by:
https://github.com/ruby/uri/commit/23a9ade9b7a7445615d6850b6af5efd33fa169fd
(v0.12.5)
+ NOTE: Fixed by:
https://github.com/ruby/uri/commit/2f916039a2b20b6d6e704a3921bd43a79b81ac2d
(v0.12.5)
+ NOTE: Relates to bypass/incomplete fix for CVE-2025-27221.
CVE-2025-59137 (Cross-Site Request Forgery (CSRF) vulnerability in eLEOPARD
Behance Po ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-59131 (Cross-Site Request Forgery (CSRF) vulnerability in
Hoernerfranz WP-Cal ...)
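Review bot: The `- rubygems <unfixed>` line in the CVE-2025-61594 entry has no NOTE saying why the rubygems source package is affected, while all six "Fixed by" notes point only at ruby/uri commits and uri gem versions (v1.0.4, v0.13.3, v0.12.5). Suggest adding a NOTE that states how rubygems carries the affected URI code (for example a bundled copy, if that is the reason), so whoever triages that entry knows what to verify. The `- ruby3.3 <unfixed>` line would also be easier to resolve with a NOTE mapping those uri versions to the Ruby release that ships them, since the entry tracks the interpreter package and the notes track the gem. The closing NOTE about CVE-2025-27221 could say whether the affected package set is expected to match that earlier entry.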
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6fbbf48bad30bd4af5ce90c645a2445434c3724a