Debian Package Tracker
Register | Log in
Subscribe

lua-http

HTTP library for Lua

Choose email to subscribe with

general
  • source: lua-http (main)
  • version: 0.4-1
  • maintainer: Ondřej Surý (DMD) (LowNMU)
  • uploaders: Santiago Ruano Rincón [DMD]
  • arch: all
  • std-ver: 4.5.1
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 0.1-3
  • oldstable: 0.4-1
  • stable: 0.4-1
  • testing: 0.4-1
  • unstable: 0.4-1
versioned links
  • 0.1-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 0.4-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • lua-http
action needed
1 security issue in trixie high

There is 1 open security issue in trixie.

1 important issue:
  • CVE-2023-4540: Improper Handling of Exceptional Conditions vulnerability in Daurnimator lua-http library allows Excessive Allocation and a denial of service (DoS) attack to be executed by sending a properly crafted request to the server. This issue affects lua-http: all versions before commit ddab283.
Created: 2023-09-06 Last update: 2023-09-09 00:22
1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:
  • CVE-2023-4540: Improper Handling of Exceptional Conditions vulnerability in Daurnimator lua-http library allows Excessive Allocation and a denial of service (DoS) attack to be executed by sending a properly crafted request to the server. This issue affects lua-http: all versions before commit ddab283.
Created: 2023-09-06 Last update: 2023-09-09 00:22
Depends on packages which need a new maintainer normal
The packages that lua-http depends on which need a new maintainer are:
  • lua-bit32 (#995500)
    • Depends: lua-bit32
Created: 2021-10-02 Last update: 2023-10-04 21:39
9 new commits since last upload, is it time to release? normal
vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:
commit 53c28e6531f1f92c6c14473b607c905537756cfa
Merge: a2349f4 ca6794d
Author: Jelmer Vernooij <jelmer@debian.org>
Date:   Thu Dec 8 22:18:38 2022 +0000

    Merge branch 'scrub-obsolete' into 'debian/master'
    
    Remove unnecessary constraints
    
    See merge request lua-team/lua-http!1

commit ca6794d4584d02ea5540434862049d83cbb0aa70
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Wed Nov 2 01:26:10 2022 +0000

    Remove constraints unnecessary since buster (oldstable)
    
    * lua-http: Drop versioned constraint on lua-basexx, lua-compat53, lua-cqueues, lua-lpeg-patterns and lua-luaossl in Depends.
    * lua-http: Drop versioned constraint on knot-resolver-module-http in Breaks.
    
    Changes-By: deb-scrub-obsolete

commit a2349f44ab14c12ccbda2f3ffbd279b1c384a639
Author: Santiago Ruano Rincón <santiagorr@riseup.net>
Date:   Mon Feb 15 12:01:02 2021 +0100

    Release 0.4-1
    
    Gbp-Dch: Ignore

commit bd99e17b868d41c3033e15012af4749e796478fb
Author: Santiago Ruano Rincón <santiagorr@riseup.net>
Date:   Mon Feb 15 11:59:58 2021 +0100

    Bump Standards-Version to 4.5.1. No changes required

commit 0d2273cd862a163d2dce4cf01802ce524fb83fd3
Author: Santiago Ruano Rincón <santiagorr@riseup.net>
Date:   Mon Feb 15 11:59:39 2021 +0100

    Bump debhelper-compat to 13

commit b33285785ea61b03cb7e31566467ae4602eea95a
Author: Santiago Ruano Rincón <santiagorr@riseup.net>
Date:   Mon Feb 15 11:42:32 2021 +0100

    Bump d/watch version to 4

commit 68acd564561c5679d40a9bac8a945f0d5a37cd3d
Author: Santiago Ruano Rincón <santiagorr@riseup.net>
Date:   Mon Feb 15 07:28:04 2021 +0100

    Snapshot debian/changelog for 0.4-1
    
    Gbp-Dch: Ignore

commit 033a0c525c20a93310529e29e0f4bfdc51ea5ebb
Merge: 030f747 469d5a0
Author: Santiago Ruano Rincón <santiagorr@riseup.net>
Date:   Sun Feb 14 19:52:21 2021 +0100

    Update upstream source from tag 'upstream/0.4'
    
    Update to upstream version '0.4'
    with Debian dir 472e500bfc6ec488143d4f0543629c3d9ef80248

commit 469d5a0880a86123923bae73f6408f99c37ca963
Author: Santiago Ruano Rincón <santiagorr@riseup.net>
Date:   Sun Feb 14 19:52:20 2021 +0100

    New upstream version 0.4
Created: 2021-02-15 Last update: 2023-10-01 15:39
1 low-priority security issue in bullseye low

There is 1 open security issue in bullseye.

1 issue left for the package maintainer to handle:
  • CVE-2023-4540: (needs triaging) Improper Handling of Exceptional Conditions vulnerability in Daurnimator lua-http library allows Excessive Allocation and a denial of service (DoS) attack to be executed by sending a properly crafted request to the server. This issue affects lua-http: all versions before commit ddab283.

You can find information about how to handle this issue in the security team's documentation.

Created: 2023-09-06 Last update: 2023-09-09 00:22
1 low-priority security issue in bookworm low

There is 1 open security issue in bookworm.

1 issue left for the package maintainer to handle:
  • CVE-2023-4540: (needs triaging) Improper Handling of Exceptional Conditions vulnerability in Daurnimator lua-http library allows Excessive Allocation and a denial of service (DoS) attack to be executed by sending a properly crafted request to the server. This issue affects lua-http: all versions before commit ddab283.

You can find information about how to handle this issue in the security team's documentation.

Created: 2023-09-06 Last update: 2023-09-09 00:22
Standards version of the package is outdated. wishlist
The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.2 instead of 4.5.1).
Created: 2021-08-18 Last update: 2022-12-17 19:17
news
[rss feed]
  • [2022-07-31] lua-http 0.4-1 MIGRATED to testing (Debian testing watch)
  • [2022-06-10] lua-http REMOVED from testing (Debian testing watch)
  • [2022-06-10] lua-http REMOVED from testing (Debian testing watch)
  • [2021-02-26] lua-http 0.4-1 MIGRATED to testing (Debian testing watch)
  • [2021-02-15] Accepted lua-http 0.4-1 (source) into unstable (Santiago Ruano Rincón)
  • [2020-12-07] lua-http 0.3-2 MIGRATED to testing (Debian testing watch)
  • [2020-12-07] lua-http 0.3-2 MIGRATED to testing (Debian testing watch)
  • [2020-11-23] Accepted lua-http 0.3-2 (source) into unstable (Santiago Ruano Rincón)
  • [2020-02-20] lua-http 0.3-1 MIGRATED to testing (Debian testing watch)
  • [2020-02-13] Accepted lua-http 0.3-1 (source) into unstable (Santiago Ruano Rincón)
  • [2020-02-07] lua-http 0.1-3 MIGRATED to testing (Debian testing watch)
  • [2019-10-06] lua-http REMOVED from testing (Debian testing watch)
  • [2017-06-03] lua-http 0.1-3 MIGRATED to testing (Debian testing watch)
  • [2017-05-29] Accepted lua-http 0.1-3 (source) into unstable (Ondřej Surý)
  • [2016-12-31] lua-http 0.1-1 MIGRATED to testing (Debian testing watch)
  • [2016-12-19] Accepted lua-http 0.1-1 (source all) into unstable (Ondřej Surý)
  • [2016-07-26] lua-http 0~20160616-3 MIGRATED to testing (Debian testing watch)
  • [2016-07-14] Accepted lua-http 0~20160616-3 (source all) into unstable, unstable (Ondřej Surý)
  • [2016-07-14] Accepted lua-http 0~20160616-1 (source amd64) into unstable, unstable (Ondřej Surý)
  • [2016-07-14] Accepted lua-http 0~20160616-2 (source all) into unstable, unstable (Ondřej Surý)
bugs [bug history graph]
  • all: 2
  • RC: 0
  • I&N: 1
  • M&W: 1
  • F&P: 0
  • patch: 0
links
  • homepage
  • lintian
  • buildd: logs, reproducibility
  • popcon
  • browse source code
  • edit tags
  • other distros
  • security tracker
  • screenshots
  • debci
ubuntu Ubuntu logo [Information about Ubuntu for Debian Developers]
  • version: 0.4-1
  • 2 bugs

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.
Documentation — Bugs — Git Repository — Contributing