[Git][security-tracker-team/security-tracker][master] ruby3.2 removed from sid

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sat Feb 1 21:45:57 GMT 2025 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
80002221 by Moritz Muehlenhoff at 2025-02-01T22:45:23+01:00
ruby3.2 removed from sid

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7593,7 +7593,7 @@ CVE-2025-0328 (A vulnerability, which was classified as critical, has been found
 	NOT-FOR-US: KaiYuanTong ECT Platform
 CVE-2025-0306 (A vulnerability was found in Ruby. The Ruby interpreter is vulnerable  ...)
 	- ruby3.3 <not-affected> (All versions of Ruby 3.3 used OpenSSL 3.2 since initial upload)
-	- ruby3.2 <unfixed>
+	- ruby3.2 <removed>
 	- ruby3.1 3.1.2-8.4
 	[bookworm] - ruby3.1 <ignored> (Minor issue and requires OpenSSL 3.2, which is not in Bookworm)
 	- ruby2.7 <removed>
@@ -28461,7 +28461,7 @@ CVE-2024-49771 (MPXJ is an open source library to read and write project plans f
 CVE-2024-49761 (REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReD ...)
 	{DLA-4018-1}
 	- ruby3.3 <unfixed>
-	- ruby3.2 <unfixed>
+	- ruby3.2 <removed>
 	- ruby3.1 <unfixed>
 	- ruby2.7 <removed>
 	NOTE: https://github.com/ruby/rexml/security/advisories/GHSA-2rxp-v6pw-ch6m
@@ -43938,7 +43938,7 @@ CVE-2024-43780 (Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.0, 9.8.
 CVE-2024-43398 (REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS ...)
 	{DLA-4018-1}
 	- ruby3.3 3.3.5-1
-	- ruby3.2 <unfixed> (bug #1083191)
+	- ruby3.2 <removed> (bug #1083191)
 	- ruby3.1 <unfixed> (bug #1083190)
 	[bookworm] - ruby3.1 <no-dsa> (Minor issue)
 	- ruby2.7 <removed>
@@ -49451,7 +49451,7 @@ CVE-2024-41961 (Elektra is an opinionated Openstack Dashboard for Operators and
 CVE-2024-41946 (REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulner ...)
 	{DLA-4018-1}
 	- ruby3.3 3.3.5-1
-	- ruby3.2 <unfixed> (bug #1083191)
+	- ruby3.2 <removed> (bug #1083191)
 	- ruby3.1 <unfixed> (bug #1083190)
 	[bookworm] - ruby3.1 <no-dsa> (Minor issue)
 	- ruby2.7 <removed>
@@ -49474,7 +49474,7 @@ CVE-2024-41144 (Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7
 CVE-2024-41123 (REXML is an XML toolkit for Ruby. The REXML gem before 3.3.2 has some  ...)
 	{DLA-4018-1}
 	- ruby3.3 3.3.5-1
-	- ruby3.2 <unfixed> (bug #1083191)
+	- ruby3.2 <removed> (bug #1083191)
 	- ruby3.1 <unfixed> (bug #1083190)
 	[bookworm] - ruby3.1 <no-dsa> (Minor issue)
 	- ruby2.7 <removed>
@@ -53347,7 +53347,7 @@ CVE-2024-3232 (A formula injection vulnerability exists in Tenable Identity Expo
 CVE-2024-39908 (REXML is an XML toolkit for Ruby. The REXML gem before 3.3.1 has some  ...)
 	{DLA-4018-1}
 	- ruby3.3 3.3.5-1 (bug #1076766)
-	- ruby3.2 <unfixed> (bug #1076767)
+	- ruby3.2 <removed> (bug #1076767)
 	- ruby3.1 <unfixed> (bug #1076768)
 	[bookworm] - ruby3.1 <no-dsa> (Minor issue)
 	- ruby2.7 <removed>
@@ -72891,7 +72891,7 @@ CVE-2024-35183 (wolfictl is a command line tool for working with Wolfi. A git au
 	NOT-FOR-US: wolfictl
 CVE-2024-35176 (REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a den ...)
 	{DLA-4018-1}
-	- ruby3.2 <unfixed> (bug #1071627)
+	- ruby3.2 <removed> (bug #1071627)
 	- ruby3.1 <unfixed> (bug #1071626)
 	[bookworm] - ruby3.1 <no-dsa> (Minor issue)
 	- ruby2.7 <removed>
@@ -80549,7 +80549,7 @@ CVE-2022-48682 (In deletefiles in FDUPES before 2.2.0, a TOCTOU race condition a
 	NOTE: https://github.com/adrianlopezroche/fdupes/commit/85680897148f1ac33b55418e00334116e419717f (v2.2.0)
 CVE-2024-27282 (An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplie ...)
 	{DSA-5677-1 DLA-3858-1}
-	- ruby3.2 <unfixed> (bug #1069968)
+	- ruby3.2 <removed> (bug #1069968)
 	- ruby3.1 3.1.2-8.5 (bug #1069969)
 	- ruby2.7 <removed>
 	- ruby2.5 <removed>
@@ -91274,7 +91274,7 @@ CVE-2020-36825 (** UNSUPPORTED WHEN ASSIGNED ** ** DISPUTED ** A vulnerability h
 	NOT-FOR-US: cyberaz0r WebRAT
 CVE-2024-27281 (An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in ...)
 	{DSA-5677-1 DLA-3858-1}
-	- ruby3.2 <unfixed> (bug #1067802)
+	- ruby3.2 <removed> (bug #1067802)
 	- ruby3.1 <unfixed> (bug #1067803)
 	- ruby2.7 <removed>
 	- ruby2.5 <removed>



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/80002221faacdf45bfc69985dafca858b9f001b8

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/80002221faacdf45bfc69985dafca858b9f001b8
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250201/f52bfbdb/attachment.htm>

More information about the debian-security-tracker-commits mailing list