ruby-csv (3.3.4-1) unstable; urgency=medium
 .
   * New upstream release.
ruby-csv (3.3.3-1) unstable; urgency=medium
 .
   [ Debian Janitor ]
   * Update standards version to 4.6.0, no changes needed.
   * Update standards version to 4.6.1, no changes needed.
 .
   [ Lucas Kanashiro ]
   * New upstream release.
   * Declare compliance with Debian Policy 4.7.1

ruby3.3 (3.3.8-1) unstable; urgency=medium
 .
   * New upstream release.
     - Fix CVE-2025-25186 in net-imap.
     - Fix CVE-2025-27221 in URI.
       + d/p/CVE-2025-27221_*.patch: kept to fix the same issue in URI
         vendorized version in lib/{rubygems,bundler}.
     - Fix CVE-2025-27219 and CVE-2025-27220 in CGI.
       + d/p/CVE-2025-272{19,20}.patch: removed.
   * d/control: make libruby3.3 depend on versioned ruby-{csv,ruby2-keywords}.
     Those 2 gems used to have the same version in libruby3.1 and in their
     own source packages, and when a user tried to upgrade from bookworm to
     trixie the libruby3.1 was kept because it would satisfy the depedencies
     without installing a new package.
     Adding them with a version constraint to avoid keeping libruby3.1 around
     after the upgrade to ruby3.3. (Closes: #1099067)
ruby3.3 (3.3.7-2) unstable; urgency=medium
 .
   * Fix CVE-2025-27221.
     The URI handling methods (URI.join, URI#merge, URI#+) have an
     inadvertent leakage of authentication credentials because userinfo is
     retained even after changing the host.
       - d/p/CVE-2025-27221_*.patch
   * Fix CVE-2025-27220.
     In the CGI gem, a Regular Expression Denial of Service (ReDoS)
     vulnerability exists in the Util#escapeElement method.
       - d/p/CVE-2025-27220.patch
   * Fix CVE-2025-27219.
     In the CGI gem, the CGI::Cookie.parse method in the CGI library contains
     a potential Denial of Service (DoS) vulnerability.  The method does not
     impose any limit on the length of the raw cookie value it processes.
     This oversight can lead to excessive resource consumption when parsing
     extremely large cookies.
       - d/p/CVE-2025-27219.patch
   * d/libruby3.3.symbols: update symbols for multiple architectures
    (Closes: #1093972). Thanks to John Paul Adrian Glaubitz!



REMOVED: jabsorb 1.3-5
REMOVED: qt5-style-kvantum 1.0.10-1
REMOVED: manaplus 2.1.3.17-8
REMOVED: node-mkdirp-classic 0.5.3-3