Debian Quality Assurance

ruby3.3 (3.3.8-2) [PTS] [DDPO]

OLD: VCS is behind the version in the archive: 3.3.8-1 < 3.3.8-2.

• Git: https://salsa.debian.org/ruby-team/ruby.git
• JSON
  Enter a full Vcs-* header, supported schemes are: Vcs-Bzr, Vcs-Cvs, Vcs-Darcs, Vcs-Git, Vcs-Hg, Vcs-Mtn, Vcs-Svn.
  For Vcs-Git append -b branch to select the branch name; append [subdir] if the debian/ directory is not in the repository root.
  The next upload will reset the information from the source package headers.
• Branch: debian/unstable
• Path: debian/changelog
• Repo size: 4501504
• Browser: https://salsa.debian.org/ruby-team/ruby
• Last scan: 2025-09-09 19:32:18+00
• Next scan: 2025-09-17 18:50:00+00
• Merge requests: 3
• CI pipeline status: canceled
• Debian changelog in Git:

  ruby3.3 (3.3.8-1) unstable; urgency=medium
  
    * New upstream release.
      - Fix CVE-2025-25186 in net-imap.
      - Fix CVE-2025-27221 in URI.
        + d/p/CVE-2025-27221_*.patch: kept to fix the same issue in URI
          vendorized version in lib/{rubygems,bundler}.
      - Fix CVE-2025-27219 and CVE-2025-27220 in CGI.
        + d/p/CVE-2025-272{19,20}.patch: removed.
    * d/control: make libruby3.3 depend on versioned ruby-{csv,ruby2-keywords}.
      Those 2 gems used to have the same version in libruby3.1 and in their
      own source packages, and when a user tried to upgrade from bookworm to
      trixie the libruby3.1 was kept because it would satisfy the depedencies
      without installing a new package.
      Adding them with a version constraint to avoid keeping libruby3.1 around
      after the upgrade to ruby3.3. (Closes: #1099067)
  
   -- Lucas Kanashiro <kanashiro@debian.org>  Thu, 10 Apr 2025 15:59:06 -0300

• This branch is 5 commits ahead of tag debian/3.3.8-1
• Git log:

  commit e68b1c4cc43194526503fc11d3fcba802138e320
  Author: Lucas Nussbaum <lucas@debian.org>
  Date:   Tue Sep 9 20:32:29 2025 +0200
  
      debian/gbp.conf: normalize
  
  commit 5e7bbcc0b8bb772c6ee2d00a57ee24d21ebaa848
  Author: Lucas Nussbaum <lucas@debian.org>
  Date:   Tue Sep 9 20:22:54 2025 +0200
  
      debian/salsa-ci.yml: switch to team-specific include
  
  commit edbc2c91df6a83a77d26449dc99ac59da8055c99
  Author: Lucas Nussbaum <lucas@debian.org>
  Date:   Mon Aug 25 18:48:24 2025 +0200
  
      debian/gbp.conf: update for DEP-14 migration
  
  commit aa2d95192839be91b6e5aaffa315022fe2114a7f
  Author: Antonio Terceiro <terceiro@debian.org>
  Date:   Thu Apr 24 17:53:43 2025 -0300
  
      libruby3.3: bump versioned dependencies on ruby-did-you-mean and ruby-webrick
      
      These should also help with upgrades from bookworm
  
  commit 5b85bbedb5d955b80bf0e963f2496b217735eaee
  Author: Antonio Terceiro <terceiro@debian.org>
  Date:   Thu Apr 24 17:48:46 2025 -0300
  
      libruby3.3: drop dependencies on ruby-test-unit and ruby-minitest
      
      This helps upgrades from bookworm, given that those used to be provided
      by libruby3.1 but are no longer provided by libruby3.3, and those
      dependencies cause libruby3.1* to be kept around on upgrades. These
      packages are only needed for development, and for building packages
      gem2deb-test-runner already depend on both of those anyway.

Package: JSON [Main page]

---

Back to the Debian Project homepage.

---