[DRE-maint] ruby3.3_3.3.8-1_source.changes ACCEPTED into unstable

Thu Apr 10 22:30:40 BST 2025

Thank you for your contribution to Debian.

Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 10 Apr 2025 15:59:06 -0300
Source: ruby3.3
Architecture: source
Version: 3.3.8-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Ruby Team <pkg-ruby-extras-maintainers at lists.alioth.debian.org>
Changed-By: Lucas Kanashiro <kanashiro at debian.org>
Closes: 1099067
Changes:
 ruby3.3 (3.3.8-1) unstable; urgency=medium
 .
   * New upstream release.
     - Fix CVE-2025-25186 in net-imap.
     - Fix CVE-2025-27221 in URI.
       + d/p/CVE-2025-27221_*.patch: kept to fix the same issue in URI
         vendorized version in lib/{rubygems,bundler}.
     - Fix CVE-2025-27219 and CVE-2025-27220 in CGI.
       + d/p/CVE-2025-272{19,20}.patch: removed.
   * d/control: make libruby3.3 depend on versioned ruby-{csv,ruby2-keywords}.
     Those 2 gems used to have the same version in libruby3.1 and in their
     own source packages, and when a user tried to upgrade from bookworm to
     trixie the libruby3.1 was kept because it would satisfy the depedencies
     without installing a new package.
     Adding them with a version constraint to avoid keeping libruby3.1 around
     after the upgrade to ruby3.3. (Closes: #1099067)
Checksums-Sha1:
 5e94045f2f09fe1c42b49eef24187e01c5918c8e 2592 ruby3.3_3.3.8-1.dsc
 4a0bba7c1d1e718391014b226d308cc1336eba5e 14507672 ruby3.3_3.3.8.orig.tar.xz
 e0c9b358a920c64d23c6e1f1dac80baa1bdaa3ad 64516 ruby3.3_3.3.8-1.debian.tar.xz
Checksums-Sha256:
 4fd9d7f628eb82afe2252494548522dba30ec717d3c3caab54f1ef4b280d8a42 2592 ruby3.3_3.3.8-1.dsc
 e2e1233ad275b7623a05edf23a01192626d1da454bdfe353a28a87acd8ef015c 14507672 ruby3.3_3.3.8.orig.tar.xz
 1feb62bdb13da504c93835803e4c1b5b432169892da499a815f10eeb061a495c 64516 ruby3.3_3.3.8-1.debian.tar.xz
Files:
 ee787da402d85fde62f640f9bf614e94 2592 ruby optional ruby3.3_3.3.8-1.dsc
 313ddd79a513aeeebfcc4bf10b55c861 14507672 ruby optional ruby3.3_3.3.8.orig.tar.xz
 006097ef6c83ab5e29caf0bfd0497d6d 64516 ruby optional ruby3.3_3.3.8-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQJJBAEBCAAzFiEEjtbD+LrJ23/BMKhw+COicpiDyXwFAmf4MNsVHGthbmFzaGly
b0BkZWJpYW4ub3JnAAoJEPgjonKYg8l87BUQAIq3YCQD5XWjPxhOGxxuuvw8l3yC
lrEhZXeUd8PgAn1Kqx0SQV2iF8ktFkF3/FuLf2PWBVqGmpokaFa/on1EXt7D0iCU
USAp/01YWLU4FDTReYvWkM868ZOdXwqqlHLceeU8JT7vUv6dCPvDmiiD2bB5vc9+
Ur8ELRIcl1dQCGMehWtaGtv6cJpl2ndES4Suk90Dzxq/z3L6F8ycGlJ2zAVgqhrz
0vbwQgKnUh9a32XpPvQno1H2Yh+aH+4KKpXt3ONcZC+WsDgkbcSDXEIzwAldtsQn
Wkzz2tZC5xayCPk6RFUuhr8ie+q4fRuBtSNGX1E9uAz4C5uC+mmRkffLp43aWSeN
0xB5cy1C0Z6Qi2DhGHUu9HEn+CgNd8dOd4R36oonnJejttIjtyTAVPzewLjSRdfO
qKEv5wpJCioCjxrGLslAYe+Jpk2zogUJE380eNnfaMC/KZyRpEZOwg0LP2dt7+XA
vNezUbZwjTMoEiTsw5dKa6iu77RxwOzf2iyRDunVGDB8qe8zjdvm7gy5nPKVAlZS
hOkbxGzqYKtMeRYBJoXUYUOtpgE7U7LdXiyV4IH+0FAcHBcUnOso7MkB1l0Kp/2c
Jde0nEQyb6syMPQNKPXKoMFsoHfZ97mImElPZGcxgITZpVYZLl9LfNRgzws+2/58
OncVxTn6nCaT3LJO
=sFE9
-----END PGP SIGNATURE-----

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-ruby-extras-maintainers/attachments/20250410/fc67da9a/attachment.sig>