• Accepted ruby3.3 3.3.7-2 (source) into unstable

    From Debian FTP Masters@21:1/5 to All on Thu Apr 10 04:40:01 2025
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    Format: 1.8
    Date: Wed, 09 Apr 2025 15:42:58 -0300
    Source: ruby3.3
    Architecture: source
    Version: 3.3.7-2
    Distribution: unstable
    Urgency: medium
    Maintainer: Debian Ruby Team <pkg-ruby-extras-maintainers@lists.alioth.debian.org>
    Changed-By: Lucas Kanashiro <kanashiro@debian.org>
    Closes: 1093972
    Changes:
    ruby3.3 (3.3.7-2) unstable; urgency=medium
    .
      * Fix CVE-2025-27221.
        The URI handling methods (URI.join, URI#merge, URI#+) have an
        inadvertent leakage of authentication credentials because userinfo is
        retained even after changing the host.
        - d/p/CVE-2025-27221_*.patch
      * Fix CVE-2025-27220.
        In the CGI gem, a Regular Expression Denial of Service (ReDoS)
        vulnerability exists in the Util#escapeElement method.
        - d/p/CVE-2025-27220.patch
      * Fix CVE-2025-27219.
        In the CGI gem, the CGI::Cookie.parse method in the CGI library contains
        a potential Denial of Service (DoS) vulnerability. The method does not
        impose any limit on the length of the raw cookie value it processes.
        This oversight can lead to excessive resource consumption when parsing
        extremely large cookies.
        - d/p/CVE-2025-27219.patch
      * d/libruby3.3.symbols: update symbols for multiple architectures
        (Closes: #1093972). Thanks to John Paul Adrian Glaubitz!
    Checksums-Sha1:
    a223c72d58a65832a8313047571b4d74e1e6f353 2592 ruby3.3_3.3.7-2.dsc
    537eb9477c3ae1e5361ee1d9aa03114108e9511d 14696248 ruby3.3_3.3.7.orig.tar.xz
    2a1ca186779614965bc4fb22504213286fd2aa6e 65644 ruby3.3_3.3.7-2.debian.tar.xz
    c8ef1252e42c1e68fb30758cd23bd0fe4cbb2c0f 5979 ruby3.3_3.3.7-2_source.buildinfo
    Checksums-Sha256:
    f53b3f11e43512ef39e6f8e73e596d57ef7736254338320ea474ddb0047e77e6 2592 ruby3.3_3.3.7-2.dsc
    09587dad1449407eeb7d596a1848e3cc1357cc82df693e02a4e063d43d158180 14696248 ruby3.3_3.3.7.orig.tar.xz
    26075c1942987878b1056898040fa3ae356f65778486844f17571b388501efcb 65644 ruby3.3_3.3.7-2.debian.tar.xz
    72fb3531fe97df976b3666f78216610021532a00600100a9517b603be1ac766e 5979 ruby3.3_3.3.7-2_source.buildinfo
    Files:
    6bb06e7925cd04bb56d1caba09cd8226 2592 ruby optional ruby3.3_3.3.7-2.dsc
    2aec84d0e80ce08172bb9d7c74321908 14696248 ruby optional ruby3.3_3.3.7.orig.tar.xz
    2f7dc68b94ac6b72d578ddb372bcec71 65644 ruby optional ruby3.3_3.3.7-2.debian.tar.xz
    7bd7d417e077474b5801e9142352e2fb 5979 ruby optional ruby3.3_3.3.7-2_source.buildinfo


    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)