Debian Package Tracker

general

source: mruby (main)
version: 2.1.2-2
maintainer: Nobuhiro Iwamatsu (DMD)
uploaders: Akira Mitsui [DMD]
arch: any
std-ver: 4.5.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.0.0+20141015+gitb4cc962c-1
oldstable: 1.2.0+20161228+git30d5424a-1
stable: 2.0.0-1
testing: 2.1.2-2
unstable: 2.1.2-2

versioned links

1.0.0+20141015+gitb4cc962c-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.2.0+20161228+git30d5424a-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.0.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.1.2-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libmruby-dev
mruby

action needed

The VCS repository is not up to date, push the missing commits. high

vcswatch reports that the current version of the package is not in its VCS.
Either you need to push your commits and/or your tags, or the information about the package's VCS are out of date. A common cause of the latter issue when using the Git VCS is not specifying the correct branch when the packaging is not in the default one (remote HEAD branch), which is usually "master" but can be modified in salsa.debian.org in the project's general settings with the "Default Branch" field). Alternatively the Vcs-Git field in debian/control can contain a "-b <branch-name>" suffix to indicate what branch is used for the Debian packaging.

Created: 2020-12-10 Last update: 2021-01-16 08:34

1 bug tagged patch in the BTS normal

The BTS contains patches fixing 1 bug, consider including or untagging them.

Created: 2020-10-19 Last update: 2021-01-17 01:02

Does not build reproducibly during testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2021-01-02 Last update: 2021-01-16 20:38

lintian reports 2 warnings normal

Lintian reports 2 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2020-09-21 Last update: 2020-09-21 06:03

7 ignored security issues in stretch low

There are 7 open security issues in stretch.

7 issues skipped by the security teams:

CVE-2017-9527: The mark_context_stack function in gc.c in mruby through 1.2.0 allows attackers to cause a denial of service (heap-based use-after-free and application crash) or possibly have unspecified other impact via a crafted .rb file.
CVE-2018-10191: In versions of mruby up to and including 1.4.0, an integer overflow exists in src/vm.c::mrb_vm_exec() when handling OP_GETUPVAR in the presence of deep scope nesting, resulting in a use-after-free. An attacker that can cause Ruby code to be run can use this to possibly execute arbitrary code.
CVE-2018-11743: The init_copy function in kernel.c in mruby 1.4.1 makes initialize_copy calls for TT_ICLASS objects, which allows attackers to cause a denial of service (mrb_hash_keys uninitialized pointer and application crash) or possibly have unspecified other impact.
CVE-2018-12248: An issue was discovered in mruby 1.4.1. There is a heap-based buffer over-read associated with OP_ENTER because mrbgems/mruby-fiber/src/fiber.c does not extend the stack in cases of many arguments to fiber.
CVE-2018-12249: An issue was discovered in mruby 1.4.1. There is a NULL pointer dereference in mrb_class_real because "class BasicObject" is not properly supported in class.c.
CVE-2018-14337: The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in mruby 1.4.1 contains a signed integer overflow, possibly leading to out-of-bounds memory access because the mrb_str_resize function in string.c does not check for a negative length.
CVE-2020-15866: mruby through 2.1.2-rc has a heap-based buffer overflow in the mrb_yield_with_class function in vm.c because of incorrect VM stack handling. It can be triggered via the stack_copy function.

Please fix them.

Created: 2017-06-12 Last update: 2021-01-01 06:06

1 ignored security issue in buster low

There is 1 open security issue in buster.

1 issue skipped by the security teams:

CVE-2020-15866: mruby through 2.1.2-rc has a heap-based buffer overflow in the mrb_yield_with_class function in vm.c because of incorrect VM stack handling. It can be triggered via the stack_copy function.

Please fix it.

Created: 2020-07-21 Last update: 2021-01-01 06:06

Build log checks report 2 warnings low

Build log checks report 2 warnings

Created: 2020-12-09 Last update: 2020-12-09 14:35

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.5.1 instead of 4.5.0).

Created: 2019-07-08 Last update: 2020-12-27 13:05

news

[rss feed]

[2021-01-01] mruby 2.1.2-2 MIGRATED to testing (Debian testing watch)
[2020-12-27] Accepted mruby 2.1.2-2 (source) into unstable (Nobuhiro Iwamatsu)
[2020-12-14] mruby 2.1.2-1 MIGRATED to testing (Debian testing watch)
[2020-12-09] Accepted mruby 2.1.2-1 (source) into unstable (Nobuhiro Iwamatsu)
[2020-11-11] mruby REMOVED from testing (Debian testing watch)
[2020-11-11] mruby REMOVED from testing (Debian testing watch)
[2019-12-11] Accepted mruby 2.0.1-1 (source) into experimental (Nobuhiro Iwamatsu)
[2019-01-10] mruby 2.0.0-1 MIGRATED to testing (Debian testing watch)
[2019-01-04] Accepted mruby 2.0.0-1 (source amd64) into unstable (Akira Mitsui) (signed by: Nobuhiro Iwamatsu)
[2018-06-27] mruby 1.4.1+20180622+git640fca32-1 MIGRATED to testing (Debian testing watch)
[2018-06-22] Accepted mruby 1.4.1+20180622+git640fca32-1 (source amd64) into unstable (Nobuhiro Iwamatsu)
[2018-05-15] mruby 1.4.1-2 MIGRATED to testing (Debian testing watch)
[2018-05-10] Accepted mruby 1.4.1-2 (source amd64) into unstable (Nobuhiro Iwamatsu)
[2018-05-08] Accepted mruby 1.4.1-1 (source amd64) into unstable (Nobuhiro Iwamatsu)
[2018-04-23] Accepted mruby 1.4.0+20180418+git54905e98-3 (source amd64) into unstable (Nobuhiro Iwamatsu)
[2018-04-22] Accepted mruby 1.4.0+20180418+git54905e98-2 (source amd64) into unstable (Nobuhiro Iwamatsu)
[2018-04-20] Accepted mruby 1.4.0+20180418+git54905e98-1 (source amd64) into unstable (Nobuhiro Iwamatsu)
[2018-03-03] mruby 1.4.0-1 MIGRATED to testing (Debian testing watch)
[2018-02-26] Accepted mruby 1.4.0-1 (source amd64) into unstable (Akira Mitsui) (signed by: Nobuhiro Iwamatsu)
[2017-11-19] mruby 1.3.0+20171029+git77edafb0-1 MIGRATED to testing (Debian testing watch)
[2017-11-14] Accepted mruby 1.3.0+20171029+git77edafb0-1 (source amd64) into unstable (Nobuhiro Iwamatsu)
[2017-10-01] mruby 1.3.0+20170925+git38185028-1 MIGRATED to testing (Debian testing watch)
[2017-09-25] Accepted mruby 1.3.0+20170925+git38185028-1 (source amd64) into unstable (Nobuhiro Iwamatsu)
[2017-08-18] mruby 1.3.0-1 MIGRATED to testing (Debian testing watch)
[2017-08-12] Accepted mruby 1.3.0-1 (source amd64) into unstable (Akira Mitsui) (signed by: Nobuhiro Iwamatsu)
[2017-06-02] Accepted mruby 1.2.0+20170601+git51e0e690-1 (source amd64) into experimental (Nobuhiro Iwamatsu)
[2017-01-07] mruby 1.2.0+20161228+git30d5424a-1 MIGRATED to testing (Debian testing watch)
[2016-12-27] Accepted mruby 1.2.0+20161228+git30d5424a-1 (source amd64) into unstable (Nobuhiro Iwamatsu)
[2016-10-20] mruby 1.2.0+20161009+git8488425e-1 MIGRATED to testing (Debian testing watch)
[2016-10-14] Accepted mruby 1.2.0+20161009+git8488425e-1 (source amd64) into unstable (Nobuhiro Iwamatsu)

bugs [bug history graph]

all: 1
RC: 1
I&N: 0
M&W: 0
F&P: 0
patch: 1

links

lintian (0, 2)
buildd: logs, checks, clang, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2.1.2-2
1 bug