Debian Package Tracker

general

source: cargo (main)
version: 0.37.0-3
maintainer: Rust Maintainers (archive) (DMD)
uploaders: Angus Lees [DMD] – Ximin Luo [DMD] – Luca Bruno [DMD] – Vasudev Kamath [DMD]
arch: all any
std-ver: 4.2.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-sec: 0.25.0-2~deb8u2
oldstable: 0.25.0-3~deb9u1
stable: 0.35.0-2
testing: 0.37.0-3
unstable: 0.37.0-3

versioned links

0.25.0-2~deb8u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.25.0-3~deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.35.0-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.37.0-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

cargo (1 bugs: 0, 1, 0, 0)
cargo-doc (1 bugs: 0, 1, 0, 0)

action needed

A new upstream version is available: 0.39.0 high

A new upstream version 0.39.0 is available, you should consider packaging it.

Created: 2019-08-18 Last update: 2019-10-18 03:10

Fails to build during reproducibility testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2019-10-12 Last update: 2019-10-18 03:13

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 0.37.0-4, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit 56c36396d2524e868c3cd3c458d39da6ed984b64
Author: Sylvestre Ledru <sylvestre@debian.org>
Date:   Mon Sep 30 17:24:19 2019 +0200

    cargo/zsh: fix path

commit f7f41cddd6b47ff8d9b5366b4cecf767e7591e74
Author: Sylvestre Ledru <sylvestre@debian.org>
Date:   Mon Sep 30 17:07:37 2019 +0200

    Ship the zsh completion (Closes: #941437)

Created: 2019-09-30 Last update: 2019-10-15 19:15

lintian reports 8 warnings normal

Lintian reports 8 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2019-03-16 Last update: 2019-03-16 05:30

RFH: The maintainer is looking for help with this package. normal

The current maintainer is looking for someone who can help with the maintenance of this package. If you are interested in this package, please consider helping out. One way you can help is offer to be a co-maintainer or triage bugs in the BTS. Please see bug number #860116 for more information.

Created: 2017-12-02 Last update: 2017-12-02 00:25

The URL(s) for this package had some recent persistent issues low

DUCK reports some issues concerning upstream URLs defined for this package.

Created: 2019-01-12 Last update: 2019-10-18 09:00

Multiarch hinter reports 1 issue(s) low

There are issues with the multiarch metadata for this package.

cargo-doc could be marked Multi-Arch: foreign

Created: 2016-09-14 Last update: 2019-10-18 03:17

1 ignored security issue in jessie low

There is 1 open security issue in jessie.

1 issue skipped by the security teams:

CVE-2019-16760: Cargo prior to Rust 1.26.0 may download the wrong dependency if your package.toml file uses the `package` configuration key. Usage of the `package` key to rename dependencies in `Cargo.toml` is ignored in Rust 1.25.0 and prior. When Rust 1.25.0 and prior is used Cargo may download the wrong dependency, which could be squatted on crates.io to be a malicious package. This not only affects manifests that you write locally yourself, but also manifests published to crates.io. Rust 1.0.0 through Rust 1.25.0 is affected by this advisory because Cargo will ignore the `package` key in manifests. Rust 1.26.0 through Rust 1.30.0 are not affected and typically will emit an error because the `package` key is unstable. Rust 1.31.0 and after are not affected because Cargo understands the `package` key. Users of the affected versions are strongly encouraged to update their compiler to the latest available one. Preventing this issue from happening requires updating your compiler to be either Rust 1.26.0 or newer. There will be no point release for Rust versions prior to 1.26.0. Users of Rust 1.19.0 to Rust 1.25.0 can instead apply linked patches to mitigate the issue.

Please fix it.

Created: 2019-10-09 Last update: 2019-10-10 05:30

1 ignored security issue in stretch low

There is 1 open security issue in stretch.

1 issue skipped by the security teams:

CVE-2019-16760: Cargo prior to Rust 1.26.0 may download the wrong dependency if your package.toml file uses the `package` configuration key. Usage of the `package` key to rename dependencies in `Cargo.toml` is ignored in Rust 1.25.0 and prior. When Rust 1.25.0 and prior is used Cargo may download the wrong dependency, which could be squatted on crates.io to be a malicious package. This not only affects manifests that you write locally yourself, but also manifests published to crates.io. Rust 1.0.0 through Rust 1.25.0 is affected by this advisory because Cargo will ignore the `package` key in manifests. Rust 1.26.0 through Rust 1.30.0 are not affected and typically will emit an error because the `package` key is unstable. Rust 1.31.0 and after are not affected because Cargo understands the `package` key. Users of the affected versions are strongly encouraged to update their compiler to the latest available one. Preventing this issue from happening requires updating your compiler to be either Rust 1.26.0 or newer. There will be no point release for Rust versions prior to 1.26.0. Users of Rust 1.19.0 to Rust 1.25.0 can instead apply linked patches to mitigate the issue.

Please fix it.

Created: 2019-10-09 Last update: 2019-10-10 05:30

Build log checks report 2 warnings low

Build log checks report 2 warnings

Created: 2019-05-19 Last update: 2019-05-19 08:20

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.4.1 instead of 4.2.1).

Created: 2018-12-23 Last update: 2019-09-29 23:40

testing migrations

This package will soon be part of the auto-libgit2 transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.

news

[rss feed]

[2019-07-26] cargo 0.37.0-3 MIGRATED to testing (Debian testing watch)
[2019-07-20] Accepted cargo 0.37.0-3 (source) into unstable (Ximin Luo)
[2019-07-18] Accepted cargo 0.37.0-2 (source) into unstable (Ximin Luo)
[2019-07-17] Accepted cargo 0.37.0-1 (source) into unstable (Ximin Luo)
[2019-06-24] cargo 0.35.0-2 MIGRATED to testing (Debian testing watch)
[2019-06-08] Accepted cargo 0.35.0-2 (source) into unstable (Ximin Luo)
[2019-05-31] Accepted cargo 0.35.0-1 (source) into unstable (Ximin Luo)
[2019-05-24] cargo 0.33.0-3 MIGRATED to testing (Debian testing watch)
[2019-05-19] Accepted cargo 0.33.0-3 (source) into unstable (Ximin Luo)
[2019-05-18] Accepted cargo 0.33.0-2 (source) into unstable (Ximin Luo)
[2019-02-11] cargo 0.33.0-1 MIGRATED to testing (Debian testing watch)
[2019-02-06] Accepted cargo 0.33.0-1 (source) into unstable (Ximin Luo)
[2019-02-02] Accepted cargo 0.32.0-2~exp1 (source) into experimental (Vasudev Kamath)
[2019-01-29] cargo 0.32.0-1 MIGRATED to testing (Debian testing watch)
[2019-01-24] Accepted cargo 0.32.0-1 (source) into unstable (Ximin Luo)
[2019-01-24] Accepted cargo 0.32.0-1~exp3 (source) into experimental (Ximin Luo)
[2019-01-23] Accepted cargo 0.32.0-1~exp2 (source) into experimental (Ximin Luo)
[2018-12-19] Accepted cargo 0.25.0-2~deb8u2 (source armel all) into oldstable (Emilio Pozuelo Monfort)
[2018-12-19] cargo 0.31.1-1 MIGRATED to testing (Debian testing watch)
[2018-12-13] Accepted cargo 0.31.1-1 (source) into unstable (Vasudev Kamath)
[2018-12-12] Accepted cargo 0.32.0-1~exp1 (source) into experimental (Vasudev Kamath)
[2018-12-11] Accepted cargo 0.31.1-1~exp1 (source) into experimental (Vasudev Kamath)
[2018-11-25] cargo 0.31.0-4 MIGRATED to testing (Debian testing watch)
[2018-11-20] Accepted cargo 0.31.0-4 (source) into unstable (Ximin Luo)
[2018-11-18] cargo 0.31.0-3 MIGRATED to testing (Debian testing watch)
[2018-11-09] Accepted cargo 0.31.0-3 (source) into unstable (Ximin Luo)
[2018-11-06] Accepted cargo 0.25.0-2~deb8u1 (source amd64 all) into oldstable, oldstable (Emilio Pozuelo Monfort)
[2018-11-04] Accepted cargo 0.31.0-2 (source) into unstable (Ximin Luo)
[2018-11-04] Accepted cargo 0.31.0-1 (source) into unstable (Ximin Luo)
[2018-11-04] Accepted cargo 0.31.0-1~exp1 (source) into experimental (Ximin Luo)

bugs [bug history graph]

all: 2
RC: 0
I&N: 2
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (0, 8)
buildd: logs, checks, clang, reproducibility, cross
popcon
browse source code
edit tags
security tracker
screenshots