[Git][security-tracker-team/security-tracker][master] mark ruby3.1 as removed from unstable
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Apr 25 08:17:18 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9a0e7209 by Salvatore Bonaccorso at 2025-04-25T09:16:51+02:00
mark ruby3.1 as removed from unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -16868,7 +16868,7 @@ CVE-2025-27521 (Vulnerability of improper access permission in the process manag
CVE-2025-27221 (In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.jo ...)
{DLA-4082-1}
- ruby3.3 3.3.7-2
- - ruby3.1 <unfixed> (bug #1103794)
+ - ruby3.1 <removed> (bug #1103794)
[bookworm] - ruby3.1 <no-dsa> (Minor issue)
- ruby2.7 <removed>
- rubygems 3.6.6-1
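Review bot: on the changed `- ruby3.1` line of the CVE-2025-27221 entry, `<removed>` means no further unstable upload is expected to supply a fixed version, so the untouched `[bookworm] - ruby3.1 <no-dsa> (Minor issue)` line below it becomes the only open ruby3.1 status in the entry. Worth confirming that the `<no-dsa>` triage still holds on its own, and keeping `(bug #1103794)` on the line as done here so the bookworm annotation retains a pointer to the report.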
@@ -16880,7 +16880,7 @@ CVE-2025-27221 (In the URI gem before 1.0.3 for Ruby, the URI handling methods (
CVE-2025-27220 (In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of S ...)
{DLA-4082-1}
- ruby3.3 3.3.7-2
- - ruby3.1 <unfixed> (bug #1103793)
+ - ruby3.1 <removed> (bug #1103793)
[bookworm] - ruby3.1 <no-dsa> (Minor issue)
- ruby2.7 <removed>
NOTE: https://github.com/rubysec/ruby-advisory-db/blob/master/gems/cgi/CVE-2025-27220.yml
@@ -16889,7 +16889,7 @@ CVE-2025-27220 (In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denia
CVE-2025-27219 (In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in ...)
{DLA-4082-1}
- ruby3.3 3.3.7-2
- - ruby3.1 <unfixed> (bug #1103792)
+ - ruby3.1 <removed> (bug #1103792)
[bookworm] - ruby3.1 <no-dsa> (Minor issue)
- ruby2.7 <removed>
NOTE: https://github.com/rubysec/ruby-advisory-db/blob/master/gems/cgi/CVE-2025-27219.yml
@@ -56953,7 +56953,7 @@ CVE-2024-49761 (REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has
{DLA-4018-1}
- ruby3.3 3.3.6-1
- ruby3.2 <removed>
- - ruby3.1 <unfixed> (bug #1103790)
+ - ruby3.1 <removed> (bug #1103790)
[bookworm] - ruby3.1 <no-dsa> (Minor issue)
- ruby2.7 <removed>
NOTE: https://github.com/ruby/rexml/security/advisories/GHSA-2rxp-v6pw-ch6m
@@ -72524,7 +72524,7 @@ CVE-2024-43398 (REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has
{DLA-4018-1}
- ruby3.3 3.3.5-1
- ruby3.2 <removed> (bug #1083191)
- - ruby3.1 <unfixed> (bug #1083190)
+ - ruby3.1 <removed> (bug #1083190)
[bookworm] - ruby3.1 <no-dsa> (Minor issue)
- ruby2.7 <removed>
NOTE: https://github.com/ruby/rexml/security/advisories/GHSA-vmwr-mc7x-5vc3
@@ -78045,7 +78045,7 @@ CVE-2024-41946 (REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS
{DLA-4018-1}
- ruby3.3 3.3.5-1
- ruby3.2 <removed> (bug #1083191)
- - ruby3.1 <unfixed> (bug #1083190)
+ - ruby3.1 <removed> (bug #1083190)
[bookworm] - ruby3.1 <no-dsa> (Minor issue)
- ruby2.7 <removed>
NOTE: https://github.com/ruby/rexml/security/advisories/GHSA-5866-49gr-22v4
@@ -78068,7 +78068,7 @@ CVE-2024-41123 (REXML is an XML toolkit for Ruby. The REXML gem before 3.3.2 has
{DLA-4018-1}
- ruby3.3 3.3.5-1
- ruby3.2 <removed> (bug #1083191)
- - ruby3.1 <unfixed> (bug #1083190)
+ - ruby3.1 <removed> (bug #1083190)
[bookworm] - ruby3.1 <no-dsa> (Minor issue)
- ruby2.7 <removed>
NOTE: https://github.com/ruby/rexml/security/advisories/GHSA-r55c-59qm-vjw6
@@ -81953,7 +81953,7 @@ CVE-2024-39908 (REXML is an XML toolkit for Ruby. The REXML gem before 3.3.1 has
{DLA-4018-1}
- ruby3.3 3.3.5-1 (bug #1076766)
- ruby3.2 <removed> (bug #1076767)
- - ruby3.1 <unfixed> (bug #1076768)
+ - ruby3.1 <removed> (bug #1076768)
[bookworm] - ruby3.1 <no-dsa> (Minor issue)
- ruby2.7 <removed>
NOTE: https://www.ruby-lang.org/en/news/2024/07/16/dos-rexml-cve-2024-39908/
@@ -101557,7 +101557,7 @@ CVE-2024-35183 (wolfictl is a command line tool for working with Wolfi. A git au
CVE-2024-35176 (REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a den ...)
{DLA-4018-1}
- ruby3.2 <removed> (bug #1071627)
- - ruby3.1 <unfixed> (bug #1071626)
+ - ruby3.1 <removed> (bug #1071626)
[bookworm] - ruby3.1 <no-dsa> (Minor issue)
- ruby2.7 <removed>
- ruby2.5 <removed>
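Review bot: in the CVE-2024-35176 entry, the lines visible in this hunk now read `<removed>` for both ruby3.2 and ruby3.1, and unlike the REXML entries in the neighbouring hunks there is no `- ruby3.3` line in the visible context. If ruby3.3 is not listed further down the entry, consider adding a line for it (a fixed version, or `<not-affected>` with a reason) so the entry still records where unstable stands.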
@@ -119947,7 +119947,7 @@ CVE-2020-36825 (** UNSUPPORTED WHEN ASSIGNED ** ** DISPUTED ** A vulnerability h
CVE-2024-27281 (An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in ...)
{DSA-5677-1 DLA-3858-1}
- ruby3.2 <removed> (bug #1067802)
- - ruby3.1 <unfixed> (bug #1067803)
+ - ruby3.1 <removed> (bug #1067803)
- ruby2.7 <removed>
- ruby2.5 <removed>
NOTE: https://www.ruby-lang.org/en/news/2024/03/21/rce-rdoc-cve-2024-27281/
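Review bot: the changed ruby3.1 line in the CVE-2024-27281 entry has no `[bookworm] - ruby3.1` annotation after it, unlike the other entries touched by this commit; the same holds for CVE-2024-27280 in the next hunk. With unstable at `<removed>`, the ruby3.1 status for released suites rests entirely on the `{DSA-5677-1 DLA-3858-1}` cross-references. Please confirm that those advisories cover ruby3.1 in every suite that still ships it, or add an explicit suite annotation.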
@@ -119956,7 +119956,7 @@ CVE-2024-27281 (An issue was discovered in RDoc 6.3.3 through 6.6.2, as distribu
CVE-2024-27280 (A buffer-overread issue was discovered in StringIO 3.0.1, as distribut ...)
{DSA-5677-1 DLA-3858-1}
- ruby3.2 <not-affected> (Fixed before initial upload to Debian)
- - ruby3.1 <unfixed> (bug #1069966)
+ - ruby3.1 <removed> (bug #1069966)
- ruby2.7 <removed>
- ruby2.5 <removed>
NOTE: https://www.ruby-lang.org/en/news/2024/03/21/buffer-overread-cve-2024-27280/
@@ -182403,7 +182403,7 @@ CVE-2023-28757
RESERVED
CVE-2023-28756 (A ReDoS issue was discovered in the Time component through 0.2.1 in Ru ...)
{DLA-3858-1 DLA-3447-1 DLA-3408-1}
- - ruby3.1 <unfixed> (bug #1038408)
+ - ruby3.1 <removed> (bug #1038408)
[bookworm] - ruby3.1 <no-dsa> (Minor issue)
- ruby2.7 <removed>
- ruby2.5 <removed>
@@ -182420,7 +182420,7 @@ CVE-2023-28755 (A ReDoS issue was discovered in the URI component through 0.12.0
- rubygems 3.4.20-1
[bookworm] - rubygems <no-dsa> (Minor issue)
[bullseye] - rubygems <no-dsa> (Minor issue)
- - ruby3.1 <unfixed> (bug #1038408)
+ - ruby3.1 <removed> (bug #1038408)
[bookworm] - ruby3.1 <no-dsa> (Minor issue)
- ruby2.7 <removed>
- ruby2.5 <removed>
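Review bot: the changed line here, like every other line this commit changes, has the form `- ruby3.1 <unfixed> (bug #...)`, and bug #1038408 is shared with the CVE-2023-28756 entry in the previous hunk. If the edit was made by matching on that form, any `- ruby3.1 <unfixed>` line without a bug reference would have been missed; a search of data/CVE/list for remaining `ruby3.1 <unfixed>` lines would confirm the change is complete.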
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a0e7209c6dd4df45d76b002a4891cc8aa7d3888