[Git][security-tracker-team/security-tracker][master] new ruby issue

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b1fb83f3 by Moritz Muehlenhoff at 2025-07-15T11:54:40+02:00
new ruby issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -512,7 +512,13 @@ CVE-2025-53871
 CVE-2025-53636 (Open OnDemand is an open-source HPC portal. Users can flood logs by in ...)
 	NOT-FOR-US: Open OnDemand
 CVE-2025-24294 (The attack vector is a potential Denial of Service (DoS). The vulnerab ...)
-	TODO: check
+	- ruby3.3 <unfixed>
+	- ruby3.1 <removed>
+	- ruby2.7 <removed>
+	NOTE: https://www.ruby-lang.org/en/news/2025/07/08/dos-resolv-cve-2025-24294/
+	NOTE: https://github.com/ruby/resolv/commit/4c2f71b5e80826506f78417d85b38481c058fb25 (v0.6.2)
+	NOTE: https://github.com/ruby/resolv/commit/24ed513f028d8e5c76310fcdecf07f79eb721a32 (v0.3.1)
+	NOTE: https://github.com/ruby/resolv/commit/cde34cac9d87c37b33c19eede3ed49ac3f465a18 (v0.2.3)
 CVE-2025-1313 (The Nokri - Job Board WordPress Theme theme for WordPress is vulnerabl ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-38648 (A hardcoded secret in Ivanti DSM before 2024.2 allows an authenticated ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b1fb83f31b04a64f513a897760581c1265f2ecd2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b1fb83f31b04a64f513a897760581c1265f2ecd2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250715/20de90ab/attachment.htm>