[ubuntu/plucky-proposed] ruby3.3 3.3.7-1ubuntu2 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Tue Mar 4 17:39:23 UTC 2025
ruby3.3 (3.3.7-1ubuntu2) plucky; urgency=medium

  * SECURITY UPDATE: DoS in net-imap response parser
    - debian/patches/CVE-2025-25186.patch: limit number of UIDs in
      .bundle/gems/net-imap-0.4.9.1/lib/net/imap/response_parser.rb.
    - CVE-2025-25186
  * SECURITY UPDATE: DoS in CGI Gem
    - debian/patches/CVE-2025-27219.patch: use String#concat instead of
      String#+ for reducing cpu usage in lib/cgi/cookie.rb.
    - CVE-2025-27219
  * SECURITY UPDATE: ReDoS in CGI Gem
    - debian/patches/CVE-2025-27220.patch: escape/unescape unclosed tags as
      well in lib/cgi/util.rb, test/cgi/test_cgi_util.rb.
    - CVE-2025-27220
  * SECURITY UPDATE: credential leak in URI gem
    - debian/patches/CVE-2025-27221-1.patch: truncate userinfo in
      lib/uri/generic.rb, test/uri/test_generic.rb.
    - debian/patches/CVE-2025-27221-2.patch: fix merger of URI with
      authority component in lib/uri/generic.rb, test/uri/test_generic.rb.
    - CVE-2025-27221

Date: Tue, 04 Mar 2025 10:40:05 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/ruby3.3/3.3.7-1ubuntu2
-------------- next part --------------
Format: 1.8
Date: Tue, 04 Mar 2025 10:40:05 -0500
Source: ruby3.3
Built-For-Profiles: noudeb
Architecture: source
Version: 3.3.7-1ubuntu2
Distribution: plucky
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Original-Maintainer: Debian Ruby Team <pkg-ruby-extras-maintainers at lists.alioth.debian.org>