Register | Log in

ruby2.7

Choose email to subscribe with

general

source: ruby2.7 (main)
version: 2.7.4-1+deb11u5
maintainer: Debian Ruby Team (archive) (DMD)
uploaders: Antonio Terceiro [DMD] – Utkarsh Gupta [DMD] – Lucas Kanashiro [DMD]
arch: all any
std-ver: 4.5.1
VCS: Git (Browse)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 2.7.4-1+deb11u1
o-o-sec: 2.7.4-1+deb11u5

versioned links

2.7.4-1+deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.7.4-1+deb11u5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libruby2.7 (1 bugs: 0, 1, 0, 0)
ruby2.7
ruby2.7-dev
ruby2.7-doc

package is gone

This package is not in any development repository. This probably means that the package has been removed (or has been renamed). Thus the information here is of little interest ... the package is going to disappear unless someone takes it over and reintroduces it.

action needed

Debci reports failed tests high

unstable: fail (log)
The tests ran in 0:04:48
Last run: 2022-08-11T01:22:43.000Z
Previous status: unknown

testing: fail (log)
The tests ran in 0:06:37
Last run: 2022-03-14T05:20:47.000Z
Previous status: unknown

stable: pass (log)
The tests ran in 0:06:54
Last run: 2023-05-26T15:21:59.000Z
Previous status: unknown

Created: 2022-03-04 Last update: 2026-01-16 19:32

4 security issues in bullseye high

There are 4 open security issues in bullseye.

1 important issue:

CVE-2025-61594: URI is a module providing classes to handle Uniform Resource Identifiers. In versions prior to 0.12.5, 0.13.3, and 1.0.4, a bypass exists for the fix to CVE-2025-27221 that can expose user credentials. When using the `+` operator to combine URIs, sensitive information like passwords from the original URI can be leaked, violating RFC3986 and making applications vulnerable to credential exposure. Versions 0.12.5, 0.13.3, and 1.0.4 fix the issue.

2 issues postponed or untriaged:

CVE-2025-24294: (postponed; to be fixed through a stable update) The attack vector is a potential Denial of Service (DoS). The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses such a packet, the name decompression process consumes a large amount of CPU resources, as the library does not limit the resulting length of the name. This resource consumption can cause the application thread to become unresponsive, resulting in a Denial of Service condition.
CVE-2025-58767: (postponed; to be fixed through a stable update) REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 has a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XMLs, you may be impacted to these vulnerabilities. The REXML gem 3.4.2 or later include the patches to fix these vulnerabilities.

1 ignored issue:

CVE-2025-0306: A vulnerability was found in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack. This attack allows the attacker to decrypt previously encrypted messages or forge signatures by exchanging a large number of messages with the vulnerable service.

Created: 2025-12-31 Last update: 2025-12-31 14:32

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2022-28739: There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f.

Created: 2022-07-04 Last update: 2022-08-01 13:40

news

[2025-03-09] Accepted ruby2.7 2.7.4-1+deb11u5 (source) into oldstable-security (Bastien Roucariès) (signed by: Bastien ROUCARIÈS)
[2025-02-11] Accepted ruby2.7 2.7.4-1+deb11u4 (source) into oldstable-security (Bastien Roucariès) (signed by: Bastien ROUCARIÈS)
[2025-01-17] Accepted ruby2.7 2.7.4-1+deb11u3 (source) into oldstable-security (Bastien Roucariès) (signed by: Bastien ROUCARIÈS)
[2024-09-02] Accepted ruby2.7 2.7.4-1+deb11u2 (source) into oldstable-security (Sylvain Beucler)
[2022-08-15] Removed 2.7.5-1 from unstable (Debian FTP Masters)
[2022-03-17] ruby2.7 REMOVED from testing (Debian testing watch)
[2022-02-13] Accepted ruby2.7 2.7.4-1+deb11u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Utkarsh Gupta)
[2022-02-03] Accepted ruby2.7 2.7.4-1+deb11u1 (source) into stable-security->embargoed, stable-security (Debian FTP Masters) (signed by: Utkarsh Gupta)
[2021-12-12] Accepted ruby2.7 2.7.5-1 (source) into unstable (Utkarsh Gupta)
[2021-07-19] ruby2.7 2.7.4-1 MIGRATED to testing (Debian testing watch)
[2021-07-08] Accepted ruby2.7 2.7.4-1 (source) into unstable (Utkarsh Gupta)
[2021-04-25] ruby2.7 2.7.3-2 MIGRATED to testing (Debian testing watch)
[2021-04-20] Accepted ruby2.7 2.7.3-2 (source) into unstable (Antonio Terceiro)
[2021-04-17] Accepted ruby2.7 2.7.3-1 (source) into unstable (Utkarsh Gupta)
[2021-02-08] ruby2.7 2.7.2-4 MIGRATED to testing (Debian testing watch)
[2021-02-08] ruby2.7 2.7.2-4 MIGRATED to testing (Debian testing watch)
[2021-02-02] Accepted ruby2.7 2.7.2-4 (source) into unstable (Lucas Kanashiro)
[2020-11-03] ruby2.7 2.7.2-3 MIGRATED to testing (Debian testing watch)
[2020-10-30] Accepted ruby2.7 2.7.2-3 (source) into unstable (Lucas Kanashiro)
[2020-10-19] ruby2.7 2.7.2-2 MIGRATED to testing (Debian testing watch)
[2020-10-13] Accepted ruby2.7 2.7.2-2 (source) into unstable (Utkarsh Gupta)
[2020-10-12] Accepted ruby2.7 2.7.2-1 (source) into unstable (Utkarsh Gupta)
[2020-10-05] ruby2.7 2.7.1-4 MIGRATED to testing (Debian testing watch)
[2020-10-01] Accepted ruby2.7 2.7.1-4 (source) into unstable (Utkarsh Gupta)
[2020-05-14] ruby2.7 2.7.1-3 MIGRATED to testing (Debian testing watch)
[2020-05-11] Accepted ruby2.7 2.7.1-3 (source) into unstable (Lucas Kanashiro)
[2020-05-08] Accepted ruby2.7 2.7.1-2 (source) into unstable (Lucas Kanashiro)
[2020-05-07] Accepted ruby2.7 2.7.1-1 (source) into unstable (Lucas Kanashiro)
[2020-05-07] ruby2.7 2.7.0-7 MIGRATED to testing (Debian testing watch)
[2020-05-04] Accepted ruby2.7 2.7.0-7 (source) into unstable (Lucas Kanashiro)

1
2

bugs [bug history graph]

all: 1
RC: 0
I&N: 1
M&W: 0
F&P: 0
patch: 0

links

homepage
buildd: logs, cross
popcon
edit tags
security tracker
screenshots
debci

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing