-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 09 Mar 2025 18:12:00 +0000
Source: ruby2.7
Architecture: source
Version: 2.7.4-1+deb11u5
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian Ruby Team <pkg-ruby-extras-maintainers@lists.alioth.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Changes:
 ruby2.7 (2.7.4-1+deb11u5) bullseye-security; urgency=medium
 .
   * Non-maintainer upload by the LTS Security Team.
   * Fix CVE-2025-27219: The CGI::Cookie.parse method in the CGI library
     contains a potential Denial of Service (DoS) vulnerability. The method
     does not impose any limit on the length of the raw cookie value it
     processes. This oversight can lead to excessive resource consumption
     when parsing extremely large cookies.
   * Fix CVE-2025-27220: In the CGI gem, a Regular Expression Denial of
     Service (ReDoS) vulnerability exists in the Util#escapeElement method.
   * Fix CVE-2025-27221: In the URI gem for Ruby, the URI handling methods
     (URI.join, URI#merge, URI#+) have an inadvertent leakage of
     authentication credentials because userinfo is retained even after
     changing the host.
Checksums-Sha1:
 4c789888e9797b2746039d9b7a0db7282d85688b 2509 ruby2.7_2.7.4-1+deb11u5.dsc
 c3af416830ab3a87ca8b3fdc2b8fc99522baee39 10810480 ruby2.7_2.7.4.orig.tar.xz
 de63a1b6c4c2775c255954a15e3510a50f62f7fa 156392 ruby2.7_2.7.4-1+deb11u5.debian.tar.xz
 776d0520d86837acc916b6166f3c3fab52cfb18e 8758 ruby2.7_2.7.4-1+deb11u5_amd64.buildinfo
Checksums-Sha256:
 f06be31bbcfb813a2b13f398e70394950c0d8feaaa42421be399827baa360310 2509 ruby2.7_2.7.4-1+deb11u5.dsc
 a42c6089f82d9ab8dad2e72ba5b318f4177ff7bb17a584ae3834521e4f43c9b5 10810480 ruby2.7_2.7.4.orig.tar.xz
 10e695607bf520ef954402508f6c78d6eb6af1e49721521349e6ddbb7952bf3f 156392 ruby2.7_2.7.4-1+deb11u5.debian.tar.xz
 9b60e36bad6ab07eee0871e57296ed1a925ac3fd265bf88abc8d2a2baa3e2dae 8758 ruby2.7_2.7.4-1+deb11u5_amd64.buildinfo
Files:
 615df609a826531d24fcaf6e84cd2980 2509 ruby optional ruby2.7_2.7.4-1+deb11u5.dsc
 a66187d2e06edf92b45b03a840ba6570 10810480 ruby optional ruby2.7_2.7.4.orig.tar.xz
 8d4b4924a253d786adcf48e7a9e3fb0f 156392 ruby optional ruby2.7_2.7.4-1+deb11u5.debian.tar.xz
 47423b3b30c6f17209c96007ea51499b 8758 ruby optional ruby2.7_2.7.4-1+deb11u5_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmfOC/MACgkQADoaLapB
CF9ADw/+Mz0VCVaEohf5y5Ux+5Q76TPRgodzb2GFWprIZMMi+Ue2GWejwI1n7n05
lqD3ccwIvIhrPC2cgioyA/wFihfL4vlmeHHJlBNisWD7XD5JjZxpo5dz/idF/Xoh
L0gNbJ1zmvnCXm0oqEAIQBc9ikzejuEGeICF51c0XEy9rmybix33PF6H5AguPwpE
uCX4GftDDSF5SaRQgU5u++iOFXfsOy0b9Xm5kim5trolV44/eDWC3ZkRuZ7M7R3F
4wi0JHQbHTuRBqQ/wHgJ2V7tW1deLlX7GoBuxktBZsoZHN45bNdJyUjM7YZJoznm
Mcvy74wyH5D8Ix2lHTZ9xL9VESARPtE2b8HBY0ZUNj//wQzzG46StSUvQ6xC4+pe
Kf6XAmhx8mW4Hr6Yqsrq/e9pGjr2ANUpcy4Pif0GkWlXRAPEv7NWM4cZuvDYAqOk
rOE/vwQ9aJ0HRGSs10CrFcgQD06wisgUDVCOH1qGX4oKjVaS4+9l6Q+k8+4EUjLs
d/8b+JCh92LBWp3hSYfJh15C+yBACm0+YvHwfN8uG++fdCavZ938YXZSpPWYdLlx
EQA/7+mdfh35/F3S9xGao8FenrXQh4Tj8ixRzYFrIXyH4gchgGHjHrSkfXlU+hdA
2jgd2H/j9aatuvaPwVDIKPbbf766Uphnap9ug2cye12zEpTUbxw=
=FDKi
-----END PGP SIGNATURE-----
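The CVE-2025-27221 entry in the changelog above describes userinfo from a base URI surviving a URI.join / URI#merge / URI#+ call whose result points at a different host. The following is an added example, not code from this Debian upload or from the Ruby uri gem: a defensive wrapper that enforces the intended behaviour on whatever uri version is installed, plus a probe that reports whether the installed library still carries credentials across a host change. The names safe_join and merge_retains_userinfo? and the sample URIs (app.example, cdn.example, other.example, base.example) are constructed for illustration.

```ruby
require 'uri'

# Added example, not from the Debian upload or the Ruby uri gem itself.
# safe_join mirrors the intent of the CVE-2025-27221 fix: credentials
# (userinfo) taken from the base URI must not survive a merge whose
# result points at a different origin. Doing the check here makes the
# behaviour independent of whether the installed uri gem is patched.
def safe_join(base, reference)
  base   = URI(base)
  merged = base.merge(reference)   # URI.join and URI#+ both end up here

  same_origin = merged.scheme == base.scheme &&
                merged.host   == base.host &&
                merged.port   == base.port

  unless same_origin
    # URI::Generic#userinfo= ignores nil, so clear the two parts explicitly.
    merged.password = nil
    merged.user     = nil
  end
  merged
end

# Probe: does a plain URI#merge on the installed uri gem still carry
# userinfo across a host change? true means the runtime is unpatched for
# CVE-2025-27221 and callers should be routed through safe_join.
def merge_retains_userinfo?
  base   = URI("http://user:secret@base.example/path")   # constructed sample
  merged = base.merge("//other.example/path")
  merged.host == "other.example" && !merged.userinfo.nil?
end

if __FILE__ == $0
  base = "http://user:secret@app.example/account"       # constructed sample
  puts safe_join(base, "/login")                        # same host: credentials kept
  puts safe_join(base, "//cdn.example/asset.js")        # host change: credentials dropped
  puts safe_join(base, "https://other.example/")        # absolute reference: none carried
  puts "plain merge retains userinfo: #{merge_retains_userinfo?}"
end
```

The origin comparison covers scheme and port as well as host, so a downgrade from https to http on the same host also drops the credentials; the probe is a behaviour test rather than a version test, which is what you want when a distribution backports a fix without bumping the gem version, as this bullseye-security upload does.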