[Git][security-tracker-team/security-tracker][master] Add Debian bug references for ruby3.1 issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Apr 21 18:36:00 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
62355db4 by Salvatore Bonaccorso at 2025-04-21T19:35:17+02:00
Add Debian bug references for ruby3.1 issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -15984,7 +15984,7 @@ CVE-2025-27521 (Vulnerability of improper access permission in the process manag
 CVE-2025-27221 (In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.jo ...)
 	{DLA-4082-1}
 	- ruby3.3 3.3.7-2
-	- ruby3.1 <unfixed>
+	- ruby3.1 <unfixed> (bug #1103794)
 	[bookworm] - ruby3.1 <no-dsa> (Minor issue)
 	- ruby2.7 <removed>
 	- rubygems 3.6.6-1
@@ -15996,7 +15996,7 @@ CVE-2025-27221 (In the URI gem before 1.0.3 for Ruby, the URI handling methods (
 CVE-2025-27220 (In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of S ...)
 	{DLA-4082-1}
 	- ruby3.3 3.3.7-2
-	- ruby3.1 <unfixed>
+	- ruby3.1 <unfixed> (bug #1103793)
 	[bookworm] - ruby3.1 <no-dsa> (Minor issue)
 	- ruby2.7 <removed>
 	NOTE: https://github.com/rubysec/ruby-advisory-db/blob/master/gems/cgi/CVE-2025-27220.yml
@@ -16005,7 +16005,7 @@ CVE-2025-27220 (In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denia
 CVE-2025-27219 (In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in  ...)
 	{DLA-4082-1}
 	- ruby3.3 3.3.7-2
-	- ruby3.1 <unfixed>
+	- ruby3.1 <unfixed> (bug #1103792)
 	[bookworm] - ruby3.1 <no-dsa> (Minor issue)
 	- ruby2.7 <removed>
 	NOTE: https://github.com/rubysec/ruby-advisory-db/blob/master/gems/cgi/CVE-2025-27219.yml
@@ -25392,7 +25392,7 @@ CVE-2025-25188 (Hickory DNS is a Rust based DNS client, server, and resolver. A
 	NOTE: Fixed by: https://github.com/hickory-dns/hickory-dns/commit/e118c6eec569f4340421f86ee0686714010c63e9 (0.24.3)
 CVE-2025-25186 (Net::IMAP implements Internet Message Access Protocol (IMAP) client fu ...)
 	- ruby3.3 3.3.8-1
-	- ruby3.1 <removed>
+	- ruby3.1 <removed> (bug #1103791)
 	[bookworm] - ruby3.1 <no-dsa> (Minor issue)
 	NOTE: https://github.com/ruby/net-imap/security/advisories/GHSA-7fc5-f82f-cx69
 	NOTE: Fixed by: https://github.com/ruby/net-imap/commit/70e3ddd071a94e450b3238570af482c296380b35 (v0.5.6)
@@ -56066,7 +56066,7 @@ CVE-2024-49761 (REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has
 	{DLA-4018-1}
 	- ruby3.3 <unfixed>
 	- ruby3.2 <removed>
-	- ruby3.1 <unfixed>
+	- ruby3.1 <unfixed> (bug #1103790)
 	[bookworm] - ruby3.1 <no-dsa> (Minor issue)
 	- ruby2.7 <removed>
 	NOTE: https://github.com/ruby/rexml/security/advisories/GHSA-2rxp-v6pw-ch6m



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/62355db470dd3b2407784b61f0ddea039ed4ddd4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/62355db470dd3b2407784b61f0ddea039ed4ddd4
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250421/afbe42e2/attachment.htm>

More information about the debian-security-tracker-commits mailing list