php-nesbot-carbon - Debian Package Tracker

general

source: php-nesbot-carbon (main)
version: 2.72.6-1
maintainer: Debian PHP PEAR Maintainers (archive) (DMD)
uploaders: Robin Gustafsson [DMD]
arch: all
std-ver: 4.7.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.27.0-1
oldstable: 2.32.2-1
stable: 2.65.0-1
testing: 2.72.6-1
unstable: 2.72.6-1

versioned links

1.27.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.32.2-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.65.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.72.6-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

php-nesbot-carbon

action needed

A new upstream version is available: 2.73.0 high

A new upstream version 2.73.0 is available, you should consider packaging it.

Created: 2025-02-15 Last update: 2025-02-20 16:30

1 security issue in bullseye high

There is 1 open security issue in bullseye.

1 important issue:

CVE-2025-22145: Carbon is an international PHP extension for DateTime. Application passing unsanitized user input to Carbon::setLocale are at risk of arbitrary file include, if the application allows users to upload files with .php extension in an folder that allows include or require to read it, then they are at risk of arbitrary code ran on their servers. This vulnerability is fixed in 3.8.4 and 2.72.6.

Created: 2025-01-09 Last update: 2025-02-19 11:55

1 security issue in bookworm high

There is 1 open security issue in bookworm.

1 important issue:

CVE-2025-22145: Carbon is an international PHP extension for DateTime. Application passing unsanitized user input to Carbon::setLocale are at risk of arbitrary file include, if the application allows users to upload files with .php extension in an folder that allows include or require to read it, then they are at risk of arbitrary code ran on their servers. This vulnerability is fixed in 3.8.4 and 2.72.6.

Created: 2025-01-09 Last update: 2025-02-19 11:55

Fails to build during reproducibility testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2025-02-01 Last update: 2025-02-20 20:34

1 new commit since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit 7e6f8267f0edbadbd0b89bb410385582b10bb98c
Author: David Prévot <taffit@debian.org>
Date:   Sun Jan 26 14:52:37 2025 +0100

    Update d/changelog with security fix upstream

Created: 2025-01-26 Last update: 2025-02-14 08:00

debian/patches: 4 patches to forward upstream low

Among the 9 debian patches available in version 2.72.6-1 of the package, we noticed the following issues:

4 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-02-26 Last update: 2025-01-27 11:21

news

[rss feed]

[2025-02-01] php-nesbot-carbon 2.72.6-1 MIGRATED to testing (Debian testing watch)
[2025-01-26] Accepted php-nesbot-carbon 2.72.6-1 (source) into unstable (David Prévot)
[2025-01-01] Accepted php-nesbot-carbon 2.69.0-5 (source) into unstable (Robin Gustafsson)
[2024-12-25] php-nesbot-carbon REMOVED from testing (Debian testing watch)
[2024-06-12] php-nesbot-carbon 2.69.0-4 MIGRATED to testing (Debian testing watch)
[2024-06-06] Accepted php-nesbot-carbon 2.69.0-4 (source) into unstable (Robin Gustafsson)
[2024-03-13] php-nesbot-carbon 2.69.0-3 MIGRATED to testing (Debian testing watch)
[2024-03-07] Accepted php-nesbot-carbon 2.69.0-3 (source) into unstable (David Prévot)
[2023-10-24] php-nesbot-carbon 2.69.0-2 MIGRATED to testing (Debian testing watch)
[2023-10-19] Accepted php-nesbot-carbon 2.69.0-2 (source) into unstable (Robin Gustafsson)
[2023-08-16] php-nesbot-carbon 2.69.0-1 MIGRATED to testing (Debian testing watch)
[2023-08-04] Accepted php-nesbot-carbon 2.69.0-1 (source) into unstable (Robin Gustafsson)
[2023-01-21] php-nesbot-carbon 2.65.0-1 MIGRATED to testing (Debian testing watch)
[2023-01-14] Accepted php-nesbot-carbon 2.65.0-1 (source) into unstable (Robin Gustafsson)
[2022-11-12] php-nesbot-carbon 2.63.0-1 MIGRATED to testing (Debian testing watch)
[2022-11-06] Accepted php-nesbot-carbon 2.63.0-1 (source) into unstable (Robin Gustafsson)
[2022-09-29] php-nesbot-carbon 2.59.1-2 MIGRATED to testing (Debian testing watch)
[2022-09-24] Accepted php-nesbot-carbon 2.59.1-2 (source) into unstable (David Prévot)
[2022-07-27] php-nesbot-carbon 2.59.1-1 MIGRATED to testing (Debian testing watch)
[2022-07-21] Accepted php-nesbot-carbon 2.59.1-1 (source) into unstable (Robin Gustafsson)
[2022-06-01] php-nesbot-carbon 2.58.0-1 MIGRATED to testing (Debian testing watch)
[2022-05-26] Accepted php-nesbot-carbon 2.58.0-1 (source) into unstable (David Prévot)
[2022-03-15] php-nesbot-carbon 2.55.2-2 MIGRATED to testing (Debian testing watch)
[2022-03-09] Accepted php-nesbot-carbon 2.55.2-2 (source) into unstable (Robin Gustafsson)
[2022-01-07] php-nesbot-carbon 2.55.2-1 MIGRATED to testing (Debian testing watch)
[2022-01-01] Accepted php-nesbot-carbon 2.55.2-1 (source) into unstable (Robin Gustafsson)
[2020-04-23] php-nesbot-carbon 2.32.2-1 MIGRATED to testing (Debian testing watch)
[2020-04-18] Accepted php-nesbot-carbon 2.32.2-1 (source) into unstable (Robin Gustafsson) (signed by: David Prévot)
[2020-04-15] php-nesbot-carbon 2.30.0-1 MIGRATED to testing (Debian testing watch)
[2020-04-13] Accepted php-nesbot-carbon 2.30.0-1 (source) into unstable (Robin Gustafsson) (signed by: David Prévot)

bugs [bug history graph]

all: 0

links

homepage
lintian
buildd: logs, reproducibility
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debian patches
debci