Release date:
2026-06-12 13:05:49 UTC
Description:
* SECURITY UPDATE: cgi and uri vulnerabilities in the bundled gems
- debian/patches/CVE-2025-27219.patch: CGI::Cookie.parse merged repeated
cookie names with an allocating array `+`, giving O(n^2) work and a DoS
on crafted Cookie headers; merge in place with concat instead.
- debian/patches/CVE-2025-27220.patch: CGI::Util#escapeElement and
#unescapeElement used a lazy-backtracking regex vulnerable to ReDoS;
replace with possessive/atomic forms that also handle unclosed tags.
- debian/patches/CVE-2025-61594.patch: URI::Generic#merge / + leaked the
base URI's password when only the host changed (bypass of
CVE-2025-27221); clear userinfo atomically via authority accessors.
- CVE-2025-27219
- CVE-2025-27220
- CVE-2025-61594
Updated packages:
-
alt-ruby30_3.0.7-174_amd64.deb
sha:7ec087ee20b68610b51819bbdd5e888b8538a855
-
alt-ruby30-default-gems_3.0.7-174_amd64.deb
sha:b987b928824e4d2bad98df7bd919d3fb551cc35e
-
alt-ruby30-devel_3.0.7-174_amd64.deb
sha:e947c1954842fd1f61ac64473ba2989064916eb8
-
alt-ruby30-doc_3.0.7-174_amd64.deb
sha:d588ea3576664bfcf7777da5bd9edd0894745aa8
-
alt-ruby30-libs_3.0.7-174_amd64.deb
sha:fda086a4dc3688d4f59c9d8e322b505fdfae9db2
-
alt-ruby30-rubygem-bigdecimal_3.0.0-174_amd64.deb
sha:57678505e24a3bcb6057141ec17cd98100c40b4b
-
alt-ruby30-rubygem-bundler_2.2.33-174_amd64.deb
sha:fa99ede128deb067b85c1b3f38e06bacfed21e99
-
alt-ruby30-rubygem-io-console_0.5.7-174_amd64.deb
sha:a07b7e26aef77c223dbf59cec04d406c85f2a311
-
alt-ruby30-rubygem-irb_1.3.5-174_amd64.deb
sha:cf9dd16bc3708240ebf8e2ecbb8e349be2466f9c
-
alt-ruby30-rubygem-json_2.5.1-174_amd64.deb
sha:856fdd9477d4d30def16cfc02da3bb9b8e6dbced
-
alt-ruby30-rubygem-minitest_5.14.2-174_amd64.deb
sha:2bc5a60a9aa0ef3b35fd3c652d8a681a2d648024
-
alt-ruby30-rubygem-power-assert_1.2.1-174_amd64.deb
sha:93de03f6acafde162067a7572125ee9030b361bb
-
alt-ruby30-rubygem-psych_3.3.2-174_amd64.deb
sha:a2237150ad3436c5e44028729f218b8297acdbb2
-
alt-ruby30-rubygem-rake_13.0.3-174_amd64.deb
sha:ad2ad6ac804de3c1c45d7e96534f89594b6e2848
-
alt-ruby30-rubygem-rbs_1.4.0-174_amd64.deb
sha:c99af8e135acc4dc428303f411819a1b346fd650
-
alt-ruby30-rubygem-rdoc_6.3.4.1-174_amd64.deb
sha:1ad515ca25b5ec684123bdb0a1c8558dd8bdab61
-
alt-ruby30-rubygem-rexml_3.2.5-174_amd64.deb
sha:4d39165db52c942457444195bd3c2dac2a75cd2c
-
alt-ruby30-rubygem-rss_0.2.9-174_amd64.deb
sha:c529580f34040574a391e96e83193f08f20c3050
-
alt-ruby30-rubygem-test-unit_3.3.7-174_amd64.deb
sha:0f7a3df1f393f03a3964f559d3df76af8cd3a49a
-
alt-ruby30-rubygem-typeprof_0.15.2-174_amd64.deb
sha:ee93e7f653763d1ec9411182d537d06315fbcfb6
-
alt-ruby30-rubygems_3.2.33-174_amd64.deb
sha:82c3692e16cdfe76d8258cc3726a18770fa9398a
-
alt-ruby30-rubygems-devel_3.2.33-174_amd64.deb
sha:5538befe824db71e7485bb2a868d89e5eddc8d65
-
alt-ruby30_3.0.7-174_arm64.deb
sha:e7d6b13472e19176a82dfb750c65cf91b421f9e1
-
alt-ruby30-default-gems_3.0.7-174_arm64.deb
sha:5526a2efd6ffbe81d5b718be14b980fbadaa76f0
-
alt-ruby30-devel_3.0.7-174_arm64.deb
sha:ca91c84ad5412cc1cc1665e972d168e4eba690a1
-
alt-ruby30-doc_3.0.7-174_arm64.deb
sha:410675060dabe9e85ec625b88097fc3656f68d2b
-
alt-ruby30-libs_3.0.7-174_arm64.deb
sha:d6d505080de1330555957686ab7122a5c1f6605b
-
alt-ruby30-rubygem-bigdecimal_3.0.0-174_arm64.deb
sha:51e82c8d3f17c4f2dcfa47bb03c703a75d086d48
-
alt-ruby30-rubygem-bundler_2.2.33-174_arm64.deb
sha:ac030f7f31e7b41236e8d8a1fb164e947fbe6571
-
alt-ruby30-rubygem-io-console_0.5.7-174_arm64.deb
sha:35fe5bca1f6333d56481ef24eccd357b289a7e44
-
alt-ruby30-rubygem-irb_1.3.5-174_arm64.deb
sha:95b3404c51728bdf8a3b82c002675ef241f9f352
-
alt-ruby30-rubygem-json_2.5.1-174_arm64.deb
sha:81e638de30d0d6199245a219d079ec9346b8470b
-
alt-ruby30-rubygem-minitest_5.14.2-174_arm64.deb
sha:0a14e2046ac7c5a776d1b0ce063c7af17cc2ae0b
-
alt-ruby30-rubygem-power-assert_1.2.1-174_arm64.deb
sha:45c22ca40aa905a28ae88a7e72fa1ec04ff4af26
-
alt-ruby30-rubygem-psych_3.3.2-174_arm64.deb
sha:743913ed43694ba6400c26b26102f1d4d1762b59
-
alt-ruby30-rubygem-rake_13.0.3-174_arm64.deb
sha:08e525a0b05d68b2fa0536bcbc6d7eef2f7f97aa
-
alt-ruby30-rubygem-rbs_1.4.0-174_arm64.deb
sha:421cad7fd8b2c3acd7c2b1c950c5c8699c27dfe9
-
alt-ruby30-rubygem-rdoc_6.3.4.1-174_arm64.deb
sha:962e97013956246f8bac1c6d7e5d53009a81dede
-
alt-ruby30-rubygem-rexml_3.2.5-174_arm64.deb
sha:6190d146ca849ba7b6fc0204b3d0cd838ac48b84
-
alt-ruby30-rubygem-rss_0.2.9-174_arm64.deb
sha:ac4b704ec9a1dffd7a5cf2d95ce761cff417d9c7
-
alt-ruby30-rubygem-test-unit_3.3.7-174_arm64.deb
sha:ebccada873b1b255d4618c40056902150daa5622
-
alt-ruby30-rubygem-typeprof_0.15.2-174_arm64.deb
sha:e1608e60c68af40648afa0526f8875034b7a1bfb
-
alt-ruby30-rubygems_3.2.33-174_arm64.deb
sha:9ee3fe8e426dcc1ba0a8d266b028ea16eb561aa2
-
alt-ruby30-rubygems-devel_3.2.33-174_arm64.deb
sha:49e1d1c7ff83028d0c7d97575d80a0edbc817330
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
