lua-http - Debian Package Tracker

general

source: lua-http (main)
version: 0.4-1
maintainer: Ondřej Surý (DMD) (LowNMU)
uploaders: Santiago Ruano Rincón [DMD]
arch: all
std-ver: 4.5.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 0.1-3
oldstable: 0.4-1
stable: 0.4-1
testing: 0.4-1
unstable: 0.4-1

versioned links

0.1-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.4-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

lua-http

action needed

1 security issue in trixie high

There is 1 open security issue in trixie.

1 important issue:

CVE-2023-4540: Improper Handling of Exceptional Conditions vulnerability in Daurnimator lua-http library allows Excessive Allocation and a denial of service (DoS) attack to be executed by sending a properly crafted request to the server. This issue affects lua-http: all versions before commit ddab283.

Created: 2023-09-06 Last update: 2023-09-09 00:22

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2023-4540: Improper Handling of Exceptional Conditions vulnerability in Daurnimator lua-http library allows Excessive Allocation and a denial of service (DoS) attack to be executed by sending a properly crafted request to the server. This issue affects lua-http: all versions before commit ddab283.

Created: 2023-09-06 Last update: 2023-09-09 00:22

Depends on packages which need a new maintainer normal

The packages that lua-http depends on which need a new maintainer are:

lua-bit32 (#995500)
- Depends: lua-bit32

Created: 2021-10-02 Last update: 2023-10-04 21:39

9 new commits since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit 53c28e6531f1f92c6c14473b607c905537756cfa
Merge: a2349f4 ca6794d
Author: Jelmer Vernooĳ <jelmer@debian.org>
Date:   Thu Dec 8 22:18:38 2022 +0000

    Merge branch 'scrub-obsolete' into 'debian/master'
    
    Remove unnecessary constraints
    
    See merge request lua-team/lua-http!1

commit ca6794d4584d02ea5540434862049d83cbb0aa70
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Wed Nov 2 01:26:10 2022 +0000

    Remove constraints unnecessary since buster (oldstable)
    
    * lua-http: Drop versioned constraint on lua-basexx, lua-compat53, lua-cqueues, lua-lpeg-patterns and lua-luaossl in Depends.
    * lua-http: Drop versioned constraint on knot-resolver-module-http in Breaks.
    
    Changes-By: deb-scrub-obsolete

commit a2349f44ab14c12ccbda2f3ffbd279b1c384a639
Author: Santiago Ruano Rincón <santiagorr@riseup.net>
Date:   Mon Feb 15 12:01:02 2021 +0100

    Release 0.4-1
    
    Gbp-Dch: Ignore

commit bd99e17b868d41c3033e15012af4749e796478fb
Author: Santiago Ruano Rincón <santiagorr@riseup.net>
Date:   Mon Feb 15 11:59:58 2021 +0100

    Bump Standards-Version to 4.5.1. No changes required

commit 0d2273cd862a163d2dce4cf01802ce524fb83fd3
Author: Santiago Ruano Rincón <santiagorr@riseup.net>
Date:   Mon Feb 15 11:59:39 2021 +0100

    Bump debhelper-compat to 13

commit b33285785ea61b03cb7e31566467ae4602eea95a
Author: Santiago Ruano Rincón <santiagorr@riseup.net>
Date:   Mon Feb 15 11:42:32 2021 +0100

    Bump d/watch version to 4

commit 68acd564561c5679d40a9bac8a945f0d5a37cd3d
Author: Santiago Ruano Rincón <santiagorr@riseup.net>
Date:   Mon Feb 15 07:28:04 2021 +0100

    Snapshot debian/changelog for 0.4-1
    
    Gbp-Dch: Ignore

commit 033a0c525c20a93310529e29e0f4bfdc51ea5ebb
Merge: 030f747 469d5a0
Author: Santiago Ruano Rincón <santiagorr@riseup.net>
Date:   Sun Feb 14 19:52:21 2021 +0100

    Update upstream source from tag 'upstream/0.4'
    
    Update to upstream version '0.4'
    with Debian dir 472e500bfc6ec488143d4f0543629c3d9ef80248

commit 469d5a0880a86123923bae73f6408f99c37ca963
Author: Santiago Ruano Rincón <santiagorr@riseup.net>
Date:   Sun Feb 14 19:52:20 2021 +0100

    New upstream version 0.4

Created: 2021-02-15 Last update: 2023-10-01 15:39

1 low-priority security issue in bullseye low

There is 1 open security issue in bullseye.

1 issue left for the package maintainer to handle:

CVE-2023-4540: (needs triaging) Improper Handling of Exceptional Conditions vulnerability in Daurnimator lua-http library allows Excessive Allocation and a denial of service (DoS) attack to be executed by sending a properly crafted request to the server. This issue affects lua-http: all versions before commit ddab283.

You can find information about how to handle this issue in the security team's documentation.

Created: 2023-09-06 Last update: 2023-09-09 00:22

1 low-priority security issue in bookworm low

There is 1 open security issue in bookworm.

1 issue left for the package maintainer to handle:

CVE-2023-4540: (needs triaging) Improper Handling of Exceptional Conditions vulnerability in Daurnimator lua-http library allows Excessive Allocation and a denial of service (DoS) attack to be executed by sending a properly crafted request to the server. This issue affects lua-http: all versions before commit ddab283.

You can find information about how to handle this issue in the security team's documentation.

Created: 2023-09-06 Last update: 2023-09-09 00:22

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.2 instead of 4.5.1).

Created: 2021-08-18 Last update: 2022-12-17 19:17

news

[rss feed]

[2022-07-31] lua-http 0.4-1 MIGRATED to testing (Debian testing watch)
[2022-06-10] lua-http REMOVED from testing (Debian testing watch)
[2022-06-10] lua-http REMOVED from testing (Debian testing watch)
[2021-02-26] lua-http 0.4-1 MIGRATED to testing (Debian testing watch)
[2021-02-15] Accepted lua-http 0.4-1 (source) into unstable (Santiago Ruano Rincón)
[2020-12-07] lua-http 0.3-2 MIGRATED to testing (Debian testing watch)
[2020-12-07] lua-http 0.3-2 MIGRATED to testing (Debian testing watch)
[2020-11-23] Accepted lua-http 0.3-2 (source) into unstable (Santiago Ruano Rincón)
[2020-02-20] lua-http 0.3-1 MIGRATED to testing (Debian testing watch)
[2020-02-13] Accepted lua-http 0.3-1 (source) into unstable (Santiago Ruano Rincón)
[2020-02-07] lua-http 0.1-3 MIGRATED to testing (Debian testing watch)
[2019-10-06] lua-http REMOVED from testing (Debian testing watch)
[2017-06-03] lua-http 0.1-3 MIGRATED to testing (Debian testing watch)
[2017-05-29] Accepted lua-http 0.1-3 (source) into unstable (Ondřej Surý)
[2016-12-31] lua-http 0.1-1 MIGRATED to testing (Debian testing watch)
[2016-12-19] Accepted lua-http 0.1-1 (source all) into unstable (Ondřej Surý)
[2016-07-26] lua-http 0~20160616-3 MIGRATED to testing (Debian testing watch)
[2016-07-14] Accepted lua-http 0~20160616-3 (source all) into unstable, unstable (Ondřej Surý)
[2016-07-14] Accepted lua-http 0~20160616-1 (source amd64) into unstable, unstable (Ondřej Surý)
[2016-07-14] Accepted lua-http 0~20160616-2 (source all) into unstable, unstable (Ondřej Surý)

bugs [bug history graph]

all: 2
RC: 0
I&N: 1
M&W: 1
F&P: 0
patch: 0

links

homepage
lintian
buildd: logs, reproducibility
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 0.4-1
2 bugs