[Git][security-tracker-team/security-tracker][master] Add CVE-2025-25186/ruby

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Feb 12 14:01:53 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ab699d77 by Salvatore Bonaccorso at 2025-02-12T15:01:33+01:00
Add CVE-2025-25186/ruby

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -974,7 +974,13 @@ CVE-2025-25188 (Hickory DNS is a Rust based DNS client, server, and resolver. A
 	NOTE: https://github.com/hickory-dns/hickory-dns/security/advisories/GHSA-37wc-h8xc-5hc4
 	NOTE: Fixed by: https://github.com/hickory-dns/hickory-dns/commit/e118c6eec569f4340421f86ee0686714010c63e9 (0.24.3)
 CVE-2025-25186 (Net::IMAP implements Internet Message Access Protocol (IMAP) client fu ...)
-	TODO: check
+	- ruby3.3 <unfixed>
+	- ruby3.1 <removed>
+	NOTE: https://github.com/ruby/net-imap/security/advisories/GHSA-7fc5-f82f-cx69
+	NOTE: Fixed by: https://github.com/ruby/net-imap/commit/70e3ddd071a94e450b3238570af482c296380b35 (v0.5.6)
+	NOTE: Fixed by: https://github.com/ruby/net-imap/commit/c8c5a643739d2669f0c9a6bb9770d0c045fd74a3 (v0.4.19)
+	NOTE: Fixed by: https://github.com/ruby/net-imap/commit/cb92191b1ddce2d978d01b56a0883b6ecf0b1022 (v0.3.8)
+	NOTE: Net::IMAP embedded in src:ruby* source package
 CVE-2025-24892 (OpenProject is open-source, web-based project management software. In  ...)
 	NOT-FOR-US: OpenProject
 CVE-2025-24200 (An authorization issue was addressed with improved state management. T ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab699d77fc238c8645a0f8e727e084a9e58adcf5

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab699d77fc238c8645a0f8e727e084a9e58adcf5
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250212/3f0ffb0c/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list