Format: 1.8
Date: Thu, 17 Apr 2025 22:54:07 -0300
Source: rubygems
Architecture: source
Version: 3.3.15-2+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Debian Ruby Team
Changed-By: Lucas Kanashiro
Changes:
 rubygems (3.3.15-2+deb12u1) bookworm; urgency=medium
 .
   * Fix CVE-2025-27221. The URI handling methods (URI.join, URI#merge, URI#+)
     have an inadvertent leakage of authentication credentials because
     userinfo is retained even after changing the host.
     - d/p/CVE-2025-27221_*.patch
   * Fix CVE-2023-28755. A ReDoS issue was discovered in the URI component
     through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid
     URLs that have specific characters. It causes an increase in execution
     time for parsing strings to URI objects.
     - d/p/CVE-2023-28755.patch