Debian Package Tracker
Register | Log in
Subscribe

rubygems

Choose email to subscribe with

general
  • source: rubygems (main)
  • version: 4.0.15-2
  • maintainer: Debian Ruby Team (archive) (DMD)
  • uploaders: Lucas Kanashiro [DMD]
  • arch: all
  • std-ver: 4.7.4
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 3.2.5-2
  • o-o-sec: 3.2.5-2+deb11u1
  • oldstable: 3.3.15-2+deb12u1
  • stable: 3.6.7-2
  • testing: 3.6.7-2
  • unstable: 4.0.15-2
versioned links
  • 3.2.5-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 3.2.5-2+deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 3.3.15-2+deb12u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 3.6.7-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 4.0.15-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • bundler (1 bugs: 0, 1, 0, 0)
  • ruby-bundler
  • ruby-rubygems (3 bugs: 1, 1, 1, 0)
action needed
1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:
  • CVE-2025-61594: URI is a module providing classes to handle Uniform Resource Identifiers. In versions 0.12.4 and earlier (bundled in Ruby 3.2 series) 0.13.2 and earlier (bundled in Ruby 3.3 series), 1.0.3 and earlier (bundled in Ruby 3.4 series), when using the + operator to combine URIs, sensitive information like passwords from the original URI can be leaked, violating RFC3986 and making applications vulnerable to credential exposure. This is a a bypass for the fix to CVE-2025-27221 that can expose user credentials. This issue has been fixed in versions 0.12.5, 0.13.3 and 1.0.4.
Created: 2025-12-31 Last update: 2026-07-05 07:30
1 security issue in forky high

There is 1 open security issue in forky.

1 important issue:
  • CVE-2025-61594: URI is a module providing classes to handle Uniform Resource Identifiers. In versions 0.12.4 and earlier (bundled in Ruby 3.2 series) 0.13.2 and earlier (bundled in Ruby 3.3 series), 1.0.3 and earlier (bundled in Ruby 3.4 series), when using the + operator to combine URIs, sensitive information like passwords from the original URI can be leaked, violating RFC3986 and making applications vulnerable to credential exposure. This is a a bypass for the fix to CVE-2025-27221 that can expose user credentials. This issue has been fixed in versions 0.12.5, 0.13.3 and 1.0.4.
Created: 2025-12-31 Last update: 2026-07-05 07:30
1 bug tagged patch in the BTS normal
The BTS contains patches fixing 1 bug, consider including or untagging them.
Created: 2026-06-02 Last update: 2026-07-06 22:47
Multiarch hinter reports 2 issue(s) normal
There are issues with the multiarch metadata for this package.
  • ruby-bundler could have its dependency on ruby annotated with :any
  • ruby-rubygems could have its dependency on ruby annotated with :any
Created: 2020-10-16 Last update: 2026-07-06 22:00
lintian reports 9 warnings normal
Lintian reports 9 warnings about this package. You should make the package lintian clean getting rid of them.
Created: 2026-07-05 Last update: 2026-07-05 10:48
1 low-priority security issue in trixie low

There is 1 open security issue in trixie.

1 issue left for the package maintainer to handle:
  • CVE-2025-61594: (needs triaging) URI is a module providing classes to handle Uniform Resource Identifiers. In versions 0.12.4 and earlier (bundled in Ruby 3.2 series) 0.13.2 and earlier (bundled in Ruby 3.3 series), 1.0.3 and earlier (bundled in Ruby 3.4 series), when using the + operator to combine URIs, sensitive information like passwords from the original URI can be leaked, violating RFC3986 and making applications vulnerable to credential exposure. This is a a bypass for the fix to CVE-2025-27221 that can expose user credentials. This issue has been fixed in versions 0.12.5, 0.13.3 and 1.0.4.

You can find information about how to handle this issue in the security team's documentation.

Created: 2025-12-31 Last update: 2026-07-05 07:30
1 low-priority security issue in bookworm low

There is 1 open security issue in bookworm.

1 issue left for the package maintainer to handle:
  • CVE-2025-61594: (needs triaging) URI is a module providing classes to handle Uniform Resource Identifiers. In versions 0.12.4 and earlier (bundled in Ruby 3.2 series) 0.13.2 and earlier (bundled in Ruby 3.3 series), 1.0.3 and earlier (bundled in Ruby 3.4 series), when using the + operator to combine URIs, sensitive information like passwords from the original URI can be leaked, violating RFC3986 and making applications vulnerable to credential exposure. This is a a bypass for the fix to CVE-2025-27221 that can expose user credentials. This issue has been fixed in versions 0.12.5, 0.13.3 and 1.0.4.

You can find information about how to handle this issue in the security team's documentation.

Created: 2025-12-31 Last update: 2026-07-05 07:30
testing migrations
  • excuses:
    • Migration status for rubygems (3.6.7-2 to 4.0.15-2): Will attempt migration (Any information below is purely informational)
    • Additional info (not blocking):
    • ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/r/rubygems.html
    • ∙ ∙ Autopkgtest for rubygems/4.0.15-2: amd64: Pass, arm64: Pass, armhf: Pass, i386: Pass, loong64: Pass, ppc64el: Pass, riscv64: Pass, s390x: Pass
    • ∙ ∙ Reproduced on amd64 - info
    • ∙ ∙ Reproduced on arm64 - info
    • ∙ ∙ Reproduced on armhf - info
    • ∙ ∙ Reproduced on i386 - info
    • ∙ ∙ Required age reduced by 3 days because of autopkgtest
    • ∙ ∙ 2 days old (needed 2 days)
news
[rss feed]
  • [2026-07-05] Accepted rubygems 4.0.15-2 (source) into unstable (Simon Quigley)
  • [2026-07-02] Accepted rubygems 4.0.15-1 (source) into experimental (Simon Quigley)
  • [2025-06-24] Accepted rubygems 3.6.7-3~exp1 (source) into experimental (Nattan Ferreira) (signed by: Lucas Kanashiro)
  • [2025-05-31] Accepted rubygems 3.3.15-2+deb12u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Lucas Kanashiro)
  • [2025-05-12] Accepted rubygems 3.2.5-2+deb11u1 (source) into oldstable-security (Lucas Kanashiro)
  • [2025-04-12] rubygems 3.6.7-2 MIGRATED to testing (Debian testing watch)
  • [2025-04-09] Accepted rubygems 3.6.7-2 (source) into unstable (Antonio Terceiro)
  • [2025-04-08] Accepted rubygems 3.6.7-1 (source) into unstable (Antonio Terceiro)
  • [2025-03-28] rubygems 3.6.6-1 MIGRATED to testing (Debian testing watch)
  • [2025-03-25] Accepted rubygems 3.6.6-1 (source) into unstable (Antonio Terceiro)
  • [2025-01-29] rubygems 3.6.3-1 MIGRATED to testing (Debian testing watch)
  • [2025-01-24] Accepted rubygems 3.6.3-1 (source) into unstable (Antonio Terceiro)
  • [2023-10-22] rubygems 3.4.20-1 MIGRATED to testing (Debian testing watch)
  • [2023-10-19] Accepted rubygems 3.4.20-1 (source) into unstable (Antonio Terceiro)
  • [2023-10-16] Accepted rubygems 3.4.20-1~0 (source) into experimental (Antonio Terceiro)
  • [2023-01-03] rubygems 3.3.15-2 MIGRATED to testing (Debian testing watch)
  • [2023-01-01] Accepted rubygems 3.3.15-2 (source) into unstable (Lucas Nussbaum)
  • [2022-06-05] rubygems 3.3.15-1 MIGRATED to testing (Debian testing watch)
  • [2022-06-02] Accepted rubygems 3.3.15-1 (source) into unstable (Lucas Kanashiro)
  • [2022-01-31] rubygems 3.3.5-2 MIGRATED to testing (Debian testing watch)
  • [2022-01-28] Accepted rubygems 3.3.5-2 (source) into unstable (Antonio Terceiro)
  • [2022-01-21] Accepted rubygems 3.3.5-1 (source) into unstable (Lucas Kanashiro)
  • [2021-11-26] rubygems 3.2.27-3 MIGRATED to testing (Debian testing watch)
  • [2021-11-23] Accepted rubygems 3.2.27-3 (source) into unstable (Daniel Leidert)
  • [2021-10-20] rubygems 3.2.27-2 MIGRATED to testing (Debian testing watch)
  • [2021-10-17] Accepted rubygems 3.2.27-2 (source) into unstable (Antonio Terceiro)
  • [2021-09-27] rubygems 3.2.27-1 MIGRATED to testing (Debian testing watch)
  • [2021-09-24] Accepted rubygems 3.2.27-1 (source) into unstable (Lucas Kanashiro)
  • [2021-01-16] rubygems 3.2.5-2 MIGRATED to testing (Debian testing watch)
  • [2021-01-13] Accepted rubygems 3.2.5-2 (source) into unstable (Lucas Kanashiro)
  • 1
  • 2
bugs [bug history graph]
  • all: 12
  • RC: 1
  • I&N: 7
  • M&W: 4
  • F&P: 0
  • patch: 1
links
  • homepage
  • lintian (0, 9)
  • buildd: logs, reproducibility
  • popcon
  • browse source code
  • other distros
  • security tracker
  • debian patches
  • debci
ubuntu Ubuntu logo [Information about Ubuntu for Debian Developers]
  • version: 3.6.7-2ubuntu2
  • patches for 3.6.7-2ubuntu2

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.
Documentation — Bugs — Git Repository — Contributing