[Git][security-tracker-team/security-tracker][master] Add CVE-2025-43857/ruby (Net::IMAP embedded in ruby)

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu May 1 08:11:33 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0cd87aa6 by Salvatore Bonaccorso at 2025-05-01T09:10:56+02:00
Add CVE-2025-43857/ruby (Net::IMAP embedded in ruby)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -578,7 +578,28 @@ CVE-2025-45949 (A critical vulnerability was found in PHPGurukul User Registrati
 CVE-2025-45947 (An issue in phpgurukul Online Banquet Booking System V1.2 allows an at ...)
 	NOT-FOR-US: PHPGurukul
 CVE-2025-43857 (Net::IMAP implements Internet Message Access Protocol (IMAP) client fu ...)
-	TODO: check
+	- ruby3.3 <unfixed>
+	- ruby3.1 <removed>
+	[bookworm] - ruby3.1 <no-dsa> (Minor issue)
+	NOTE: https://github.com/ruby/net-imap/security/advisories/GHSA-j3g3-5qv5-52mj
+	NOTE: https://github.com/ruby/net-imap/pull/444
+	NOTE: Fixed by: https://github.com/ruby/net-imap/commit/0ae8576c1a90bcd9573f81bdad4b4b824642d105 (v0.5.7)
+	NOTE: Fixed by: https://github.com/ruby/net-imap/commit/b6bdee27a5cd38dd386042f43fec160840fe7562 (v0.5.7)
+	NOTE: https://github.com/ruby/net-imap/pull/445
+	NOTE: Fixed by: https://github.com/ruby/net-imap/commit/ddcaabd4fecbd1b0d4b3202bc1befed685d06562 (v0.4.20)
+	NOTE: Fixed by: https://github.com/ruby/net-imap/commit/19bea631c31b82798a4047ac3a6737a41054e45a (v0.4.20)
+	NOTE: Fixed by: https://github.com/ruby/net-imap/commit/641c4c451e7c35f72726f7b19342c6de4143977c (v0.4.20)
+	NOTE: https://github.com/ruby/net-imap/pull/446
+	NOTE: Fixed by: https://github.com/ruby/net-imap/commit/53ceba1e97cbc3ac4d141077732178cc8bc79476 (v0.3.9)
+	NOTE: Fixed by: https://github.com/ruby/net-imap/commit/158cfdff54f3961b0ec628136444e3b0b0bb1736 (v0.3.9)
+	NOTE: Fixed by: https://github.com/ruby/net-imap/commit/ae0fa010bb5e3c95b9beee31af607d4dba619d63 (v0.3.9)
+	NOTE: Fixed by: https://github.com/ruby/net-imap/commit/e0059251e854cb03d5209c682ba3484fcb6953cd (v0.3.9)
+	NOTE: https://github.com/ruby/net-imap/pull/447
+	NOTE: Fixed by: https://github.com/ruby/net-imap/commit/20c16a2eaec1dc6775675abbd8f3f2c412e7533f (v0.2.5)
+	NOTE: Fixed by: https://github.com/ruby/net-imap/commit/5431e16b779254ad7b2786e4367bc04328418264 (v0.2.5)
+	NOTE: Fixed by: https://github.com/ruby/net-imap/commit/450bb4d757d9b9f2866ebd6e1efdd5d94a311b05 (v0.2.5)
+	NOTE: Fixed by: https://github.com/ruby/net-imap/commit/673cab874374670fca850dc0e16ddc62ee3b8a68 (v0.2.5)
+	NOTE: Net::IMAP embedded in src:ruby* source package
 CVE-2025-43854 (DIFY is an open-source LLM app development platform. Prior to version  ...)
 	NOT-FOR-US: Dify
 CVE-2025-42598 (Multiple SEIKO EPSON printer drivers for Windows OS are configured wit ...)
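
Review bot: the CVE-2025-43857 entry lists four upstream fix branches (v0.5.7, v0.4.20, v0.3.9, v0.2.5) but never records which net-imap version is embedded in ruby3.3 or ruby3.1, so a reader cannot tell which group of "Fixed by" commits applies to each package. Consider adding a NOTE with the embedded net-imap version per source package next to the closing "Net::IMAP embedded in src:ruby* source package" line. That line says src:ruby* while only ruby3.3 and ruby3.1 are tracked, so it is worth confirming that no other ruby source package needs its own line. The "[bookworm] - ruby3.1 <no-dsa> (Minor issue)" triage also has no rationale in the entry; a short NOTE summarising why the issue is minor would make the decision reviewable without opening the upstream advisory.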



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0cd87aa667b54171d63c0b7bf38f91dcee809dc1
