Register | Log in

bundler

Choose email to subscribe with

general

source: bundler (main)
version: 2.1.4-2~bpo10+1
maintainer: Debian Ruby Extras Maintainers (archive) (DMD)
uploaders: Utkarsh Gupta [DMD] – Scott Leggett [DMD] – Antonio Terceiro [DMD]
arch: all
std-ver: 4.5.0
VCS: Git (Browse)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.13.6-2
oldstable: 1.17.3-3+deb10u1
old-bpo: 2.1.4-2~bpo10+1

versioned links

1.13.6-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.17.3-3+deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.1.4-2~bpo10+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

bundler
ruby-bundler

package is gone

This package is not in any development repository. This probably means that the package has been removed (or has been renamed). Thus the information here is of little interest ... the package is going to disappear unless someone takes it over and reintroduces it.

action needed

2 low-priority security issues in buster low

There are 2 open security issues in buster.

1 issue left for the package maintainer to handle:

CVE-2020-36327: (needs triaging) Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen, even if the intended choice was a private gem that is a dependency of another private gem that is explicitly depended on by the application. NOTE: it is not correct to use CVE-2021-24105 for every "Dependency Confusion" issue in every product.

You can find information about how to handle this issue in the security team's documentation.

1 ignored issue:

CVE-2016-7954: Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. NOTE: this might overlap CVE-2013-0334.

Created: 2021-02-19 Last update: 2021-12-05 06:30

news

[2020-12-10] bundler REMOVED from testing (Debian testing watch)
[2020-10-13] Accepted bundler 2.1.4-3 (source) into unstable (Utkarsh Gupta)
[2020-07-03] Accepted bundler 2.1.4-2~bpo10+1 (source all) into buster-backports, buster-backports (Debian FTP Masters) (signed by: Praveen Arimbrathodiyil)
[2020-06-22] bundler 2.1.4-2 MIGRATED to testing (Debian testing watch)
[2020-06-19] Accepted bundler 2.1.4-2 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2020-05-19] Accepted bundler 1.17.3-3+deb10u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Andreas Beckmann)
[2020-02-15] bundler 2.1.4-1 MIGRATED to testing (Debian testing watch)
[2020-02-07] Accepted bundler 2.1.4-1 (source) into unstable (Utkarsh Gupta)
[2019-03-20] bundler 1.17.3-3 MIGRATED to testing (Debian testing watch)
[2019-03-09] Accepted bundler 1.17.3-3 (source) into unstable (Antonio Terceiro)
[2019-02-09] bundler 1.17.3-2 MIGRATED to testing (Debian testing watch)
[2019-02-06] Accepted bundler 1.17.3-2 (source) into unstable (Lucas Kanashiro)
[2019-02-06] bundler 1.17.3-1 MIGRATED to testing (Debian testing watch)
[2019-02-03] Accepted bundler 1.17.3-1 (source) into unstable (Antonio Terceiro)
[2018-07-25] bundler 1.16.1-3 MIGRATED to testing (Debian testing watch)
[2018-07-23] Accepted bundler 1.16.1-3 (source) into unstable (Chris Hofstaedtler) (signed by: Christian Hofstaedtler)
[2018-05-07] bundler 1.16.1-2 MIGRATED to testing (Debian testing watch)
[2018-05-04] Accepted bundler 1.16.1-2 (source) into unstable (Antonio Terceiro)
[2018-03-21] bundler 1.16.1-1 MIGRATED to testing (Debian testing watch)
[2018-03-15] Accepted bundler 1.16.1-1 (source) into unstable (Cédric Boutillier)
[2017-07-09] bundler 1.15.1-1 MIGRATED to testing (Debian testing watch)
[2017-07-03] Accepted bundler 1.15.1-1 (source) into unstable (Lucas Nussbaum)
[2016-12-19] bundler 1.13.6-2 MIGRATED to testing (Debian testing watch)
[2016-12-08] Accepted bundler 1.13.6-2 (source) into unstable (Christian Hofstaedtler)
[2016-12-06] bundler 1.12.5-4 MIGRATED to testing (Debian testing watch)
[2016-11-30] Accepted bundler 1.12.5-4 (source) into unstable (Christian Hofstaedtler)
[2016-07-19] bundler 1.12.5-3 MIGRATED to testing (Debian testing watch)
[2016-07-13] Accepted bundler 1.12.5-3 (source) into unstable (Christian Hofstaedtler)
[2016-07-12] bundler 1.12.5-2 MIGRATED to testing (Debian testing watch)
[2016-07-05] Accepted bundler 1.12.5-2 (source) into unstable (Christian Hofstaedtler)

1
2

bugs [bug history graph]

all: 0

links

homepage
buildd: logs, clang
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debci

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing