Information on source package rubygems

Available versions

Release	Version
bullseye	3.2.5-2
bookworm	3.3.15-2
trixie	3.4.20-1
sid	3.4.20-1

Open issues

Bug	bullseye	bookworm	trixie	sid	Description
CVE-2023-28755	vulnerable (no DSA)	vulnerable (no DSA)	fixed	fixed	A ReDoS issue was discovered in the URI component through 0.12.0 in Ru ...
CVE-2021-43809	vulnerable (no DSA)	fixed	fixed	fixed	`Bundler` is a package for managing application dependencies in Ruby. ...
CVE-2020-36327	vulnerable (no DSA, ignored)	fixed	fixed	fixed	Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes choos ...

Resolved issues

Bug	Description
CVE-2023-36617	A ReDoS issue was discovered in the URI component before 0.12.2 for Ru ...
CVE-2019-8325	An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since ...
CVE-2019-8324	An issue was discovered in RubyGems 2.6 and later through 3.0.2. A cra ...
CVE-2019-8323	An issue was discovered in RubyGems 2.6 and later through 3.0.2. Gem:: ...
CVE-2019-8322	An issue was discovered in RubyGems 2.6 and later through 3.0.2. The g ...
CVE-2019-8321	An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since ...
CVE-2019-8320	A Directory Traversal issue was discovered in RubyGems 2.7.6 and later ...
CVE-2018-1000079	RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ...
CVE-2018-1000078	RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ...
CVE-2018-1000077	RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ...
CVE-2018-1000076	RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ...
CVE-2018-1000075	RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ...
CVE-2018-1000074	RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ...
CVE-2018-1000073	RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ...
CVE-2017-0903	RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possibl ...
CVE-2017-0902	RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking v ...
CVE-2017-0901	RubyGems version 2.6.12 and earlier fails to validate specification na ...
CVE-2017-0900	RubyGems version 2.6.12 and earlier is vulnerable to maliciously craft ...
CVE-2017-0899	RubyGems version 2.6.12 and earlier is vulnerable to maliciously craft ...
CVE-2015-4020	RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4 ...
CVE-2015-3900	RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4 ...
CVE-2013-4363	Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION ...
CVE-2013-4287	Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN ...
CVE-2012-2126	RubyGems before 1.8.23 does not verify an SSL certificate, which allow ...
CVE-2012-2125	RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which m ...

Security announcements

DSA / DLA	Description
DLA-1336-1	rubygems - security update
DLA-1112-1	rubygems - security update