Debian Package Tracker
Register | Log in
Subscribe

bundler

Choose email to subscribe with

general
  • source: bundler (main)
  • version: 2.1.4-2~bpo10+1
  • maintainer: Debian Ruby Extras Maintainers (archive) (DMD)
  • uploaders: Utkarsh Gupta [DMD] – Scott Leggett [DMD] – Antonio Terceiro [DMD]
  • arch: all
  • std-ver: 4.5.0
  • VCS: Git (Browse)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 1.7.4-1
  • oldstable: 1.13.6-2
  • stable: 1.17.3-3+deb10u1
  • stable-bpo: 2.1.4-2~bpo10+1
versioned links
  • 1.7.4-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.13.6-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.17.3-3+deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 2.1.4-2~bpo10+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • bundler
  • ruby-bundler
package is gone
This package is not in any development repository. This probably means that the package has been removed (or has been renamed). Thus the information here is of little interest ... the package is going to disappear unless someone takes it over and reintroduces it.
action needed
2 ignored security issues in stretch low
There are 2 open security issues in stretch.
2 issues skipped by the security teams:
  • CVE-2016-7954: Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. NOTE: this might overlap CVE-2013-0334.
  • CVE-2019-3881: Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could place malicious code in this directory that would be later loaded and executed.
Please fix them.
Created: 2016-10-05 Last update: 2020-12-10 04:31
1 ignored security issue in buster low
There is 1 open security issue in buster.
1 issue skipped by the security teams:
  • CVE-2016-7954: Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. NOTE: this might overlap CVE-2013-0334.
Please fix it.
Created: 2017-06-18 Last update: 2020-12-10 04:31
news
[rss feed]
  • [2020-12-10] bundler REMOVED from testing (Debian testing watch)
  • [2020-10-13] Accepted bundler 2.1.4-3 (source) into unstable (Utkarsh Gupta)
  • [2020-07-03] Accepted bundler 2.1.4-2~bpo10+1 (source all) into buster-backports, buster-backports (Debian FTP Masters) (signed by: Praveen Arimbrathodiyil)
  • [2020-06-22] bundler 2.1.4-2 MIGRATED to testing (Debian testing watch)
  • [2020-06-19] Accepted bundler 2.1.4-2 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
  • [2020-05-19] Accepted bundler 1.17.3-3+deb10u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Andreas Beckmann)
  • [2020-02-15] bundler 2.1.4-1 MIGRATED to testing (Debian testing watch)
  • [2020-02-07] Accepted bundler 2.1.4-1 (source) into unstable (Utkarsh Gupta)
  • [2019-03-20] bundler 1.17.3-3 MIGRATED to testing (Debian testing watch)
  • [2019-03-09] Accepted bundler 1.17.3-3 (source) into unstable (Antonio Terceiro)
  • [2019-02-09] bundler 1.17.3-2 MIGRATED to testing (Debian testing watch)
  • [2019-02-06] Accepted bundler 1.17.3-2 (source) into unstable (Lucas Kanashiro)
  • [2019-02-06] bundler 1.17.3-1 MIGRATED to testing (Debian testing watch)
  • [2019-02-03] Accepted bundler 1.17.3-1 (source) into unstable (Antonio Terceiro)
  • [2018-07-25] bundler 1.16.1-3 MIGRATED to testing (Debian testing watch)
  • [2018-07-23] Accepted bundler 1.16.1-3 (source) into unstable (Chris Hofstaedtler) (signed by: Christian Hofstaedtler)
  • [2018-05-07] bundler 1.16.1-2 MIGRATED to testing (Debian testing watch)
  • [2018-05-04] Accepted bundler 1.16.1-2 (source) into unstable (Antonio Terceiro)
  • [2018-03-21] bundler 1.16.1-1 MIGRATED to testing (Debian testing watch)
  • [2018-03-15] Accepted bundler 1.16.1-1 (source) into unstable (Cédric Boutillier)
  • [2017-07-09] bundler 1.15.1-1 MIGRATED to testing (Debian testing watch)
  • [2017-07-03] Accepted bundler 1.15.1-1 (source) into unstable (Lucas Nussbaum)
  • [2016-12-19] bundler 1.13.6-2 MIGRATED to testing (Debian testing watch)
  • [2016-12-08] Accepted bundler 1.13.6-2 (source) into unstable (Christian Hofstaedtler)
  • [2016-12-06] bundler 1.12.5-4 MIGRATED to testing (Debian testing watch)
  • [2016-11-30] Accepted bundler 1.12.5-4 (source) into unstable (Christian Hofstaedtler)
  • [2016-07-19] bundler 1.12.5-3 MIGRATED to testing (Debian testing watch)
  • [2016-07-13] Accepted bundler 1.12.5-3 (source) into unstable (Christian Hofstaedtler)
  • [2016-07-12] bundler 1.12.5-2 MIGRATED to testing (Debian testing watch)
  • [2016-07-05] Accepted bundler 1.12.5-2 (source) into unstable (Christian Hofstaedtler)
  • 1
  • 2
bugs [bug history graph]
  • all: 0
links
  • homepage
  • lintian
  • buildd: logs, clang
  • popcon
  • browse source code
  • edit tags
  • other distros
  • security tracker
  • screenshots
  • debci
ubuntu Ubuntu logo [Information about Ubuntu for Debian Developers]
  • version: 2.1.4-2
  • 1 bug

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.
Documentation — Bugs — Git Repository — Contributing