[Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: add some notes to rubygems and claim it

[Lucas Kanashiro (@kanashiro)]

Lucas Kanashiro pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6695b648 by Lucas Kanashiro at 2025-04-07T20:53:20-03:00
data/dla-needed.txt: add some notes to rubygems and claim it

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=====================================
data/dla-needed.txt
=====================================
@@ -228,10 +228,12 @@ rails
   NOTE: 20250305: Utkarsh uploaded the CVE fixes to unstable via rails/7.2.2.1. (utkarsh)
   NOTE: 20250323: rails DSA has been released. (utkarsh)
 --
-rubygems
+rubygems (kanashiro)
   NOTE: 20250304: Added by Front-Desk (rouca)
   NOTE: 20250324: Need to update rubygems in sid to fix CVE-2025-27221.
   NOTE: 20250324: Asked most recent uploader about this.  (spwhitton)
+  NOTE: 20250407: CVE-2025-27221 is already fixed in src:rubygems/sid,trixie. (kanashiro)
+  NOTE: 20250407: It needs to be fixed in src:ruby3.3 (there are 3 copies of the uri gem, affected by this CVE). (kanashiro)
 --
 shadow
   NOTE: 20250105: Added by Front-Desk (apo)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6695b648818b7675f3635dc1fb8451e4087c5459

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6695b648818b7675f3635dc1fb8451e4087c5459
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250407/b9a20677/attachment-0001.htm>