Register | Log in

bundler

Choose email to subscribe with

general

source: bundler (main)
version: 2.1.4-2~bpo10+1
maintainer: Debian Ruby Extras Maintainers (archive) (DMD)
uploaders: Utkarsh Gupta [DMD] – Scott Leggett [DMD] – Antonio Terceiro [DMD]
arch: all
std-ver: 4.5.0
VCS: Git (Browse)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.7.4-1
oldstable: 1.13.6-2
stable: 1.17.3-3+deb10u1
stable-bpo: 2.1.4-2~bpo10+1

versioned links

1.7.4-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.13.6-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.17.3-3+deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.1.4-2~bpo10+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

bundler
ruby-bundler

package is gone

This package is not in any development repository. This probably means that the package has been removed (or has been renamed). Thus the information here is of little interest ... the package is going to disappear unless someone takes it over and reintroduces it.

action needed

2 ignored security issues in stretch low

There are 2 open security issues in stretch.

2 issues skipped by the security teams:

CVE-2016-7954: Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. NOTE: this might overlap CVE-2013-0334.
CVE-2019-3881: Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could place malicious code in this directory that would be later loaded and executed.

Please fix them.

Created: 2016-10-05 Last update: 2020-12-10 04:31

1 ignored security issue in buster low

There is 1 open security issue in buster.

1 issue skipped by the security teams:

CVE-2016-7954: Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. NOTE: this might overlap CVE-2013-0334.

Please fix it.

Created: 2017-06-18 Last update: 2020-12-10 04:31

news

[2020-12-10] bundler REMOVED from testing (Debian testing watch)
[2020-10-13] Accepted bundler 2.1.4-3 (source) into unstable (Utkarsh Gupta)
[2020-07-03] Accepted bundler 2.1.4-2~bpo10+1 (source all) into buster-backports, buster-backports (Debian FTP Masters) (signed by: Praveen Arimbrathodiyil)
[2020-06-22] bundler 2.1.4-2 MIGRATED to testing (Debian testing watch)
[2020-06-19] Accepted bundler 2.1.4-2 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2020-05-19] Accepted bundler 1.17.3-3+deb10u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Andreas Beckmann)
[2020-02-15] bundler 2.1.4-1 MIGRATED to testing (Debian testing watch)
[2020-02-07] Accepted bundler 2.1.4-1 (source) into unstable (Utkarsh Gupta)
[2019-03-20] bundler 1.17.3-3 MIGRATED to testing (Debian testing watch)
[2019-03-09] Accepted bundler 1.17.3-3 (source) into unstable (Antonio Terceiro)
[2019-02-09] bundler 1.17.3-2 MIGRATED to testing (Debian testing watch)
[2019-02-06] Accepted bundler 1.17.3-2 (source) into unstable (Lucas Kanashiro)
[2019-02-06] bundler 1.17.3-1 MIGRATED to testing (Debian testing watch)
[2019-02-03] Accepted bundler 1.17.3-1 (source) into unstable (Antonio Terceiro)
[2018-07-25] bundler 1.16.1-3 MIGRATED to testing (Debian testing watch)
[2018-07-23] Accepted bundler 1.16.1-3 (source) into unstable (Chris Hofstaedtler) (signed by: Christian Hofstaedtler)
[2018-05-07] bundler 1.16.1-2 MIGRATED to testing (Debian testing watch)
[2018-05-04] Accepted bundler 1.16.1-2 (source) into unstable (Antonio Terceiro)
[2018-03-21] bundler 1.16.1-1 MIGRATED to testing (Debian testing watch)
[2018-03-15] Accepted bundler 1.16.1-1 (source) into unstable (Cédric Boutillier)
[2017-07-09] bundler 1.15.1-1 MIGRATED to testing (Debian testing watch)
[2017-07-03] Accepted bundler 1.15.1-1 (source) into unstable (Lucas Nussbaum)
[2016-12-19] bundler 1.13.6-2 MIGRATED to testing (Debian testing watch)
[2016-12-08] Accepted bundler 1.13.6-2 (source) into unstable (Christian Hofstaedtler)
[2016-12-06] bundler 1.12.5-4 MIGRATED to testing (Debian testing watch)
[2016-11-30] Accepted bundler 1.12.5-4 (source) into unstable (Christian Hofstaedtler)
[2016-07-19] bundler 1.12.5-3 MIGRATED to testing (Debian testing watch)
[2016-07-13] Accepted bundler 1.12.5-3 (source) into unstable (Christian Hofstaedtler)
[2016-07-12] bundler 1.12.5-2 MIGRATED to testing (Debian testing watch)
[2016-07-05] Accepted bundler 1.12.5-2 (source) into unstable (Christian Hofstaedtler)

1
2

bugs [bug history graph]

all: 0

links

homepage
lintian
buildd: logs, clang
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2.1.4-2
1 bug

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing