[DRE-maint] ruby3.3_3.3.7-2_source.changes ACCEPTED into unstable
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Thu Apr 10 03:36:06 BST 2025
Thank you for your contribution to Debian.
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 09 Apr 2025 15:42:58 -0300
Source: ruby3.3
Architecture: source
Version: 3.3.7-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Ruby Team <pkg-ruby-extras-maintainers at lists.alioth.debian.org>
Changed-By: Lucas Kanashiro <kanashiro at debian.org>
Closes: 1093972
Changes:
 ruby3.3 (3.3.7-2) unstable; urgency=medium
 .
   * Fix CVE-2025-27221.
     The URI handling methods (URI.join, URI#merge, URI#+) have an
     inadvertent leakage of authentication credentials because userinfo is
     retained even after changing the host.
     - d/p/CVE-2025-27221_*.patch
   * Fix CVE-2025-27220.
     In the CGI gem, a Regular Expression Denial of Service (ReDoS)
     vulnerability exists in the Util#escapeElement method.
     - d/p/CVE-2025-27220.patch
   * Fix CVE-2025-27219.
     In the CGI gem, the CGI::Cookie.parse method in the CGI library contains
     a potential Denial of Service (DoS) vulnerability. The method does not
     impose any limit on the length of the raw cookie value it processes.
     This oversight can lead to excessive resource consumption when parsing
     extremely large cookies.
     - d/p/CVE-2025-27219.patch
   * d/libruby3.3.symbols: update symbols for multiple architectures
     (Closes: #1093972). Thanks to John Paul Adrian Glaubitz!
Checksums-Sha1:
a223c72d58a65832a8313047571b4d74e1e6f353 2592 ruby3.3_3.3.7-2.dsc
537eb9477c3ae1e5361ee1d9aa03114108e9511d 14696248 ruby3.3_3.3.7.orig.tar.xz
2a1ca186779614965bc4fb22504213286fd2aa6e 65644 ruby3.3_3.3.7-2.debian.tar.xz
c8ef1252e42c1e68fb30758cd23bd0fe4cbb2c0f 5979 ruby3.3_3.3.7-2_source.buildinfo
Checksums-Sha256:
f53b3f11e43512ef39e6f8e73e596d57ef7736254338320ea474ddb0047e77e6 2592 ruby3.3_3.3.7-2.dsc
09587dad1449407eeb7d596a1848e3cc1357cc82df693e02a4e063d43d158180 14696248 ruby3.3_3.3.7.orig.tar.xz
26075c1942987878b1056898040fa3ae356f65778486844f17571b388501efcb 65644 ruby3.3_3.3.7-2.debian.tar.xz
72fb3531fe97df976b3666f78216610021532a00600100a9517b603be1ac766e 5979 ruby3.3_3.3.7-2_source.buildinfo
Files:
6bb06e7925cd04bb56d1caba09cd8226 2592 ruby optional ruby3.3_3.3.7-2.dsc
2aec84d0e80ce08172bb9d7c74321908 14696248 ruby optional ruby3.3_3.3.7.orig.tar.xz
2f7dc68b94ac6b72d578ddb372bcec71 65644 ruby optional ruby3.3_3.3.7-2.debian.tar.xz
7bd7d417e077474b5801e9142352e2fb 5979 ruby optional ruby3.3_3.3.7-2_source.buildinfo
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----