vcswatch reports that
there is an error with this package's VCS, or the debian/changelog file inside
it. Please check the error shown below and try to fix it. You might have
to update the VCS URL in the debian/control file to point to the correct
repository.
error: RPC failed; HTTP 502 curl 22 The requested URL returned error: 502
fatal: expected 'acknowledgments'
1 issue left for the package maintainer to handle:
CVE-2022-24065:
(needs triaging)
The package cookiecutter before 2.1.1 are vulnerable to Command Injection via hg argument injection. When calling the cookiecutter function from Python code with the checkout parameter, it is passed to the hg checkout command in a way that additional flags can be set. The additional flags can be used to perform a command injection.
Among the 2 debian patches
available in version 2.6.0-2 of the package,
we noticed the following issues:
2 patches
where the metadata indicates that the patch has not yet been forwarded
upstream. You should either forward the patch upstream or update the
metadata to document its real status.
Standards version of the package is outdated.
wishlist
The package should be updated to follow the last version of Debian Policy
(Standards-Version 4.7.3 instead of
4.7.2).
![[bug history graph]](https://qa.debian.org/data/bts/graphs/c/cookiecutter.png){kind=link}