php-laravel-framework - Debian Package Tracker

general

source: php-laravel-framework (main)
version: 6.20.14+dfsg-3
maintainer: Debian PHP PEAR Maintainers (archive) (DMD)
uploaders: Robin Gustafsson [DMD] [DM]
arch: all
std-ver: 4.6.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

stable: 6.20.14+dfsg-2
unstable: 6.20.14+dfsg-3

versioned links

6.20.14+dfsg-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
6.20.14+dfsg-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

php-illuminate-auth
php-illuminate-broadcasting
php-illuminate-bus
php-illuminate-cache
php-illuminate-config
php-illuminate-console
php-illuminate-container
php-illuminate-contracts
php-illuminate-cookie
php-illuminate-database
php-illuminate-encryption
php-illuminate-events
php-illuminate-filesystem
php-illuminate-hashing
php-illuminate-http
php-illuminate-log
php-illuminate-mail
php-illuminate-notifications
php-illuminate-pagination
php-illuminate-pipeline
php-illuminate-queue
php-illuminate-redis
php-illuminate-routing
php-illuminate-session
php-illuminate-support
php-illuminate-translation
php-illuminate-validation
php-illuminate-view
php-laravel-framework (1 bugs: 1, 0, 0, 0)

action needed

14 binary packages have unsatisfiable dependencies high

The dependencies of php-illuminate-filesystem=6.20.14+dfsg-3 cannot be satisfied in unstable on amd64 because: unsatisfied dependency on php-symfony-finder (< 5~~)
The dependencies of php-illuminate-cookie=6.20.14+dfsg-3 cannot be satisfied in unstable on amd64 because: unsatisfied dependency on php-symfony-http-foundation (< 5~~)
The dependencies of php-illuminate-queue=6.20.14+dfsg-3 cannot be satisfied in unstable on amd64 because: unsatisfied dependency on php-symfony-console (< 5~~)
The dependencies of php-illuminate-routing=6.20.14+dfsg-3 cannot be satisfied in unstable on amd64 because: unsatisfied dependency on php-symfony-http-foundation (< 5~~)
The dependencies of php-illuminate-session=6.20.14+dfsg-3 cannot be satisfied in unstable on amd64 because: unsatisfied dependency on php-symfony-finder (< 5~~)
The dependencies of php-illuminate-broadcasting=6.20.14+dfsg-3 cannot be satisfied in unstable on amd64 because: unsatisfied dependency on php-symfony-console (< 5~~)
The dependencies of php-laravel-framework=6.20.14+dfsg-3 cannot be satisfied in unstable on amd64 because: unsatisfied dependency on php-symfony-console (< 5~~)
The dependencies of php-illuminate-validation=6.20.14+dfsg-3 cannot be satisfied in unstable on amd64 because: unsatisfied dependency on php-symfony-finder (< 5~~)
The dependencies of php-illuminate-console=6.20.14+dfsg-3 cannot be satisfied in unstable on amd64 because: unsatisfied dependency on php-symfony-console (< 5~~)
The dependencies of php-illuminate-auth=6.20.14+dfsg-3 cannot be satisfied in unstable on amd64 because: unsatisfied dependency on php-symfony-http-foundation (< 5~~)
The dependencies of php-illuminate-http=6.20.14+dfsg-3 cannot be satisfied in unstable on amd64 because: unsatisfied dependency on php-symfony-http-foundation (< 5~~)
The dependencies of php-illuminate-notifications=6.20.14+dfsg-3 cannot be satisfied in unstable on amd64 because: unsatisfied dependency on php-symfony-finder (< 5~~)
The dependencies of php-illuminate-translation=6.20.14+dfsg-3 cannot be satisfied in unstable on amd64 because: unsatisfied dependency on php-symfony-finder (< 5~~)
The dependencies of php-illuminate-view=6.20.14+dfsg-3 cannot be satisfied in unstable on amd64 because: unsatisfied dependency on php-symfony-finder (< 5~~)

Created: 2021-11-25 Last update: 2022-05-27 07:13

A new upstream version is available: 9.14.0 high

A new upstream version 9.14.0 is available, you should consider packaging it.

Created: 2020-12-06 Last update: 2022-05-27 06:02

5 security issues in sid high

There are 5 open security issues in sid.

5 important issues:

CVE-2018-6330: Laravel 5.4.15 is vulnerable to Error based SQL injection in save.php via dhx_user and dhx_version parameters.
CVE-2019-9081: The Illuminate component of Laravel Framework 5.7.x has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the __destruct method of the PendingCommand class in PendingCommand.php.
CVE-2017-16894: In Laravel framework through 5.5.21, remote attackers can obtain sensitive information (such as externally usable passwords) via a direct request for the /.env URI. NOTE: this CVE is only about Laravel framework's writeNewEnvironmentFileWith function in src/Illuminate/Foundation/Console/KeyGenerateCommand.php, which uses file_put_contents without restricting the .env permissions. The .env filename is not used exclusively by Laravel framework.
CVE-2021-37298: Laravel v5.1 was discovered to contain a deserialization vulnerability via the component \Mockery\Generator\DefinedTargetClass.
CVE-2021-43503: A Remote Code Execution (RCE) vulnerability exists in h laravel 5.8.38 via an unserialize pop chain in (1) __destruct in \Routing\PendingResourceRegistration.php, (2) __cal in Queue\Capsule\Manager.php, and (3) __invoke in mockery\library\Mockery\ClosureWrapper.php.

Created: 2021-11-16 Last update: 2022-04-13 15:30

5 security issues in bullseye high

There are 5 open security issues in bullseye.

5 important issues:

CVE-2018-6330: Laravel 5.4.15 is vulnerable to Error based SQL injection in save.php via dhx_user and dhx_version parameters.
CVE-2019-9081: The Illuminate component of Laravel Framework 5.7.x has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the __destruct method of the PendingCommand class in PendingCommand.php.
CVE-2017-16894: In Laravel framework through 5.5.21, remote attackers can obtain sensitive information (such as externally usable passwords) via a direct request for the /.env URI. NOTE: this CVE is only about Laravel framework's writeNewEnvironmentFileWith function in src/Illuminate/Foundation/Console/KeyGenerateCommand.php, which uses file_put_contents without restricting the .env permissions. The .env filename is not used exclusively by Laravel framework.
CVE-2021-37298: Laravel v5.1 was discovered to contain a deserialization vulnerability via the component \Mockery\Generator\DefinedTargetClass.
CVE-2021-43503: A Remote Code Execution (RCE) vulnerability exists in h laravel 5.8.38 via an unserialize pop chain in (1) __destruct in \Routing\PendingResourceRegistration.php, (2) __cal in Queue\Capsule\Manager.php, and (3) __invoke in mockery\library\Mockery\ClosureWrapper.php.

Created: 2021-11-16 Last update: 2022-04-13 15:30

1 security issue in bookworm high

There is 1 open security issue in bookworm.

1 important issue:

CVE-2021-43617: Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. NOTE: this CVE Record is for Laravel Framework, and is unrelated to any reports concerning incorrectly written user applications for image upload.

Created: 2021-11-16 Last update: 2021-12-05 06:30

The package has not entered testing even though the delay is over normal

The package has not entered testing even though the 5-day delay is over. Check why.

Created: 2022-01-03 Last update: 2022-05-27 07:09

1 new commit since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit 51b16b505cadb33e7a6f6976573ee95f340abbc2
Author: Robin Gustafsson <robin@rgson.se>
Date:   Tue Dec 28 16:38:33 2021 +0100

    Fix capitalization error in description

Created: 2022-04-12 Last update: 2022-05-21 20:41

piuparts found (un)installation error(s) normal

Piuparts stresses package installation, uninstallation, upgrade, ... While doing such tests, one or more errors were found for the following suites:

sid - piuparts

You should fix them.

Created: 2021-12-29 Last update: 2021-12-29 02:02

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.1 instead of 4.6.0).

Created: 2022-05-11 Last update: 2022-05-11 23:25

testing migrations

excuses:
- Migration status for php-laravel-framework (- to 6.20.14+dfsg-3): BLOCKED: Rejected/violates migration policy/introduces a regression
- Issues preventing migration:
- ∙ ∙ php-illuminate-console/amd64 has unsatisfiable dependency
- ∙ ∙ php-illuminate-cookie/amd64 has unsatisfiable dependency
- ∙ ∙ php-illuminate-filesystem/amd64 has unsatisfiable dependency
- ∙ ∙ php-illuminate-http/amd64 has unsatisfiable dependency
- ∙ ∙ php-illuminate-queue/amd64 has unsatisfiable dependency
- ∙ ∙ php-illuminate-routing/amd64 has unsatisfiable dependency
- ∙ ∙ php-illuminate-session/amd64 has unsatisfiable dependency
- ∙ ∙ php-illuminate-validation/amd64 has unsatisfiable dependency
- ∙ ∙ php-laravel-framework/amd64 has unsatisfiable dependency
- ∙ ∙ php-illuminate-console/arm64 has unsatisfiable dependency
- ∙ ∙ php-illuminate-cookie/arm64 has unsatisfiable dependency
- ∙ ∙ php-illuminate-filesystem/arm64 has unsatisfiable dependency
- ∙ ∙ php-illuminate-http/arm64 has unsatisfiable dependency
- ∙ ∙ php-illuminate-queue/arm64 has unsatisfiable dependency
- ∙ ∙ php-illuminate-routing/arm64 has unsatisfiable dependency
- ∙ ∙ php-illuminate-session/arm64 has unsatisfiable dependency
- ∙ ∙ php-illuminate-validation/arm64 has unsatisfiable dependency
- ∙ ∙ php-laravel-framework/arm64 has unsatisfiable dependency
- ∙ ∙ Updating php-laravel-framework would introduce bugs in testing: #1000560
- ∙ ∙ Rejected due to piuparts regression - https://piuparts.debian.org/sid/source/p/php-laravel-framework.html
- ∙ ∙ Not built on buildd: arch all binaries uploaded by robin@rgson.se, a new source-only upload is needed to allow migration
- ∙ ∙ Impossible Depends: php-laravel-framework -> php-symfony-debug/4.4.19+dfsg-3/amd64
- ∙ ∙ Impossible Depends: php-laravel-framework -> php-symfony-debug/4.4.19+dfsg-3/arm64
- Additional info:
- ∙ ∙ uninstallable on arch amd64, not running autopkgtest there
- ∙ ∙ uninstallable on arch arm64, not running autopkgtest there
- ∙ ∙ 149 days old (needed 5 days)
- Not considered

news

[rss feed]

[2022-03-05] Accepted php-laravel-framework 6.20.14+dfsg-2+deb11u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Robin Gustafsson)
[2021-12-28] Accepted php-laravel-framework 6.20.14+dfsg-3 (source all) into unstable (Robin Gustafsson)
[2021-12-10] php-laravel-framework REMOVED from testing (Debian testing watch)
[2021-05-06] php-laravel-framework 6.20.14+dfsg-2 MIGRATED to testing (Debian testing watch)
[2021-04-30] Accepted php-laravel-framework 6.20.14+dfsg-2 (source) into unstable (Robin Gustafsson) (signed by: David Prévot)
[2021-01-28] php-laravel-framework 6.20.14+dfsg-1 MIGRATED to testing (Debian testing watch)
[2021-01-22] Accepted php-laravel-framework 6.20.14+dfsg-1 (source) into unstable (Robin Gustafsson) (signed by: David Prévot)
[2021-01-21] php-laravel-framework 6.20.11+dfsg-1 MIGRATED to testing (Debian testing watch)
[2021-01-15] Accepted php-laravel-framework 6.20.11+dfsg-1 (source) into unstable (Robin Gustafsson) (signed by: David Prévot)
[2021-01-12] php-laravel-framework 6.20.6+dfsg-1 MIGRATED to testing (Debian testing watch)
[2020-12-10] Accepted php-laravel-framework 6.20.6+dfsg-1 (source) into unstable (Robin Gustafsson) (signed by: David Prévot)
[2020-12-06] Accepted php-laravel-framework 6.20.5+dfsg-1 (source all) into unstable, unstable (Debian FTP Masters) (signed by: Jörgen Hägg)

bugs [bug history graph]

all: 2
RC: 1
I&N: 0
M&W: 1
F&P: 0
patch: 0

links

homepage
lintian
buildd: logs, clang, debcheck
popcon
browse source code
edit tags
other distros
security tracker
screenshots