[Git][security-tracker-team/security-tracker][master] Add CVE-2025-61594/ruby
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Dec 31 10:00:39 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6fbbf48b by Salvatore Bonaccorso at 2025-12-31T10:59:54+01:00
Add CVE-2025-61594/ruby
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -15,7 +15,18 @@ CVE-2025-66723 (inMusic Brands Engine DJ 4.3.0 suffers from Insecure Permissions
CVE-2025-62753 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-61594 (URI is a module providing classes to handle Uniform Resource Identifie ...)
- TODO: check
+ - ruby3.3 <unfixed>
+ - ruby3.1 <removed>
+ - ruby2.7 <removed>
+ - rubygems <unfixed>
+ NOTE: https://www.ruby-lang.org/en/news/2025/10/07/uri-cve-2025-61594/
+ NOTE: Fixed by: https://github.com/ruby/uri/commit/5cec76b9e8777764344fd4aee140e309ad207b68 (v1.0.4)
+ NOTE: Fixed by: https://github.com/ruby/uri/commit/6c6449e15ffae7027bfe83134f0419f682e0b1ad (v1.0.4)
+ NOTE: Fixed by: https://github.com/ruby/uri/commit/d58589cae1b3c5fa2432b95fa28ed12793077935 (v0.13.3)
+ NOTE: Fixed by: https://github.com/ruby/uri/commit/4be7781187707ffe8217a968b97b0f956462b4bb (v0.13.3)
+ NOTE: Fixed by: https://github.com/ruby/uri/commit/23a9ade9b7a7445615d6850b6af5efd33fa169fd (v0.12.5)
+ NOTE: Fixed by: https://github.com/ruby/uri/commit/2f916039a2b20b6d6e704a3921bd43a79b81ac2d (v0.12.5)
+ NOTE: Relates to bypass/incomplete fix for CVE-2025-27221.
CVE-2025-59137 (Cross-Site Request Forgery (CSRF) vulnerability in eLEOPARD Behance Po ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-59131 (Cross-Site Request Forgery (CSRF) vulnerability in Hoernerfranz WP-Cal ...)
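Review bot: In the CVE-2025-61594 entry, the `ruby3.3 <unfixed>` and `rubygems <unfixed>` lines do not say which of the three upstream uri branches named in the Fixed by notes (v1.0.4, v0.13.3, v0.12.5) each source package bundles, so whoever prepares the update has to work out which pair of commits applies. A short NOTE per package stating the bundled uri version would settle that. The final NOTE says this relates to a bypass/incomplete fix for CVE-2025-27221; it would help to say whether a package that already carries the CVE-2025-27221 fix is still affected here, since the note as written leaves that open.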
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6fbbf48bad30bd4af5ce90c645a2445434c3724a