-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 10 Apr 2025 15:59:06 -0300
Source: ruby3.3
Architecture: source
Version: 3.3.8-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Ruby Team <pkg-ruby-extras-maintainers@lists.alioth.debian.org>
Changed-By: Lucas Kanashiro <kanashiro@debian.org>
Closes: 1099067
Changes:
ruby3.3 (3.3.8-1) unstable; urgency=medium
.
* New upstream release.
- Fix CVE-2025-25186 in net-imap.
- Fix CVE-2025-27221 in URI.
+ d/p/CVE-2025-27221_*.patch: kept to fix the same issue in URI
vendorized version in lib/{rubygems,bundler}.
- Fix CVE-2025-27219 and CVE-2025-27220 in CGI.
+ d/p/CVE-2025-272{19,20}.patch: removed.
* d/control: make libruby3.3 depend on versioned ruby-{csv,ruby2-keywords}.
Those 2 gems used to have the same version in libruby3.1 and in their
own source packages, and when a user tried to upgrade from bookworm to
trixie the libruby3.1 was kept because it would satisfy the depedencies
without installing a new package.
Adding them with a version constraint to avoid keeping libruby3.1 around
after the upgrade to ruby3.3. (Closes: #1099067)
Checksums-Sha1:
5e94045f2f09fe1c42b49eef24187e01c5918c8e 2592 ruby3.3_3.3.8-1.dsc
4a0bba7c1d1e718391014b226d308cc1336eba5e 14507672 ruby3.3_3.3.8.orig.tar.xz
e0c9b358a920c64d23c6e1f1dac80baa1bdaa3ad 64516 ruby3.3_3.3.8-1.debian.tar.xz
Checksums-Sha256:
4fd9d7f628eb82afe2252494548522dba30ec717d3c3caab54f1ef4b280d8a42 2592 ruby3.3_3.3.8-1.dsc
e2e1233ad275b7623a05edf23a01192626d1da454bdfe353a28a87acd8ef015c 14507672 ruby3.3_3.3.8.orig.tar.xz
1feb62bdb13da504c93835803e4c1b5b432169892da499a815f10eeb061a495c 64516 ruby3.3_3.3.8-1.debian.tar.xz
Files:
ee787da402d85fde62f640f9bf614e94 2592 ruby optional ruby3.3_3.3.8-1.dsc
313ddd79a513aeeebfcc4bf10b55c861 14507672 ruby optional ruby3.3_3.3.8.orig.tar.xz
006097ef6c83ab5e29caf0bfd0497d6d 64516 ruby optional ruby3.3_3.3.8-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQJJBAEBCAAzFiEEjtbD+LrJ23/BMKhw+COicpiDyXwFAmf4MNsVHGthbmFzaGly
b0BkZWJpYW4ub3JnAAoJEPgjonKYg8l87BUQAIq3YCQD5XWjPxhOGxxuuvw8l3yC
lrEhZXeUd8PgAn1Kqx0SQV2iF8ktFkF3/FuLf2PWBVqGmpokaFa/on1EXt7D0iCU
USAp/01YWLU4FDTReYvWkM868ZOdXwqqlHLceeU8JT7vUv6dCPvDmiiD2bB5vc9+
Ur8ELRIcl1dQCGMehWtaGtv6cJpl2ndES4Suk90Dzxq/z3L6F8ycGlJ2zAVgqhrz
0vbwQgKnUh9a32XpPvQno1H2Yh+aH+4KKpXt3ONcZC+WsDgkbcSDXEIzwAldtsQn
Wkzz2tZC5xayCPk6RFUuhr8ie+q4fRuBtSNGX1E9uAz4C5uC+mmRkffLp43aWSeN
0xB5cy1C0Z6Qi2DhGHUu9HEn+CgNd8dOd4R36oonnJejttIjtyTAVPzewLjSRdfO
qKEv5wpJCioCjxrGLslAYe+Jpk2zogUJE380eNnfaMC/KZyRpEZOwg0LP2dt7+XA
vNezUbZwjTMoEiTsw5dKa6iu77RxwOzf2iyRDunVGDB8qe8zjdvm7gy5nPKVAlZS
hOkbxGzqYKtMeRYBJoXUYUOtpgE7U7LdXiyV4IH+0FAcHBcUnOso7MkB1l0Kp/2c
Jde0nEQyb6syMPQNKPXKoMFsoHfZ97mImElPZGcxgITZpVYZLl9LfNRgzws+2/58
OncVxTn6nCaT3LJO
=sFE9
-----END PGP SIGNATURE-----
Attachment:
pgpdxdSkoAnjh.pgp
Description: PGP signature