ruby-carrierwave - Debian Package Tracker

general

source: ruby-carrierwave (main)
version: 1.3.1-2
maintainer: Debian Ruby Extras Maintainers (archive) (DMD)
uploaders: Pirate Praveen [DMD]
arch: all
std-ver: 4.3.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 0.10.0+gh-4
old-bpo: 1.3.1-1~bpo9+1
stable: 1.3.1-2
unstable: 1.3.1-2
exp: 2.0.2-1

versioned links

0.10.0+gh-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.3.1-1~bpo9+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.3.1-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.0.2-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

ruby-carrierwave

action needed

A new upstream version is available: 2.2.1 high

A new upstream version 2.2.1 is available, you should consider packaging it.

Created: 2020-06-29 Last update: 2021-04-22 19:03

2 security issues in sid high

There are 2 open security issues in sid.

2 important issues:

CVE-2021-21288: CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1 the download feature has an SSRF vulnerability, allowing attacks to provide DNS entries or IP addresses that are intended for internal use and gather information about the Intranet infrastructure of the platform. This is fixed in versions 1.3.2 and 2.1.1.
CVE-2021-21305: CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1, there is a code injection vulnerability. The "#manipulate!" method inappropriately evals the content of mutation option(:read/:write), allowing attackers to craft a string that can be executed as a Ruby code. If an application developer supplies untrusted inputs to the option, it will lead to remote code execution(RCE). This is fixed in versions 1.3.2 and 2.1.1.

Created: 2021-02-19 Last update: 2021-04-15 17:30

2 security issues in buster high

There are 2 open security issues in buster.

2 important issues:

CVE-2021-21288: CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1 the download feature has an SSRF vulnerability, allowing attacks to provide DNS entries or IP addresses that are intended for internal use and gather information about the Intranet infrastructure of the platform. This is fixed in versions 1.3.2 and 2.1.1.
CVE-2021-21305: CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1, there is a code injection vulnerability. The "#manipulate!" method inappropriately evals the content of mutation option(:read/:write), allowing attackers to craft a string that can be executed as a Ruby code. If an application developer supplies untrusted inputs to the option, it will lead to remote code execution(RCE). This is fixed in versions 1.3.2 and 2.1.1.

Created: 2021-02-19 Last update: 2021-04-15 17:30

2 security issues in bullseye high

There are 2 open security issues in bullseye.

2 important issues:

CVE-2021-21288: CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1 the download feature has an SSRF vulnerability, allowing attacks to provide DNS entries or IP addresses that are intended for internal use and gather information about the Intranet infrastructure of the platform. This is fixed in versions 1.3.2 and 2.1.1.
CVE-2021-21305: CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1, there is a code injection vulnerability. The "#manipulate!" method inappropriately evals the content of mutation option(:read/:write), allowing attackers to craft a string that can be executed as a Ruby code. If an application developer supplies untrusted inputs to the option, it will lead to remote code execution(RCE). This is fixed in versions 1.3.2 and 2.1.1.

Created: 2021-02-19 Last update: 2021-04-13 12:00

The package has not entered testing even though the delay is over normal

The package has not entered testing even though the 20-day delay is over. Check why.

Created: 2021-04-15 Last update: 2021-04-22 21:34

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 2.0.2-2, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit 9d5011b6efee75b427f169f942b3dddfd3c3c051
Author: Cédric Boutillier <boutil@debian.org>
Date:   Thu Sep 3 20:11:44 2020 +0000

    [ci skip] Add .gitattributes to keep unwanted files out of the source package

commit ffbe28ef6554ba6d22a26c6b488fd8ec8c1a6de4
Author: Cédric Boutillier <boutil@debian.org>
Date:   Tue Sep 1 13:36:56 2020 +0000

    [ci skip] Update team name

commit b5a036be8c9d6e747fdc2eeff7059d44e5259d8c
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Sat Aug 15 17:47:54 2020 +0000

    Update standards version to 4.5.0, no changes needed.
    
    Changes-By: lintian-brush
    Fixes: lintian: out-of-date-standards-version
    See-also: https://lintian.debian.org/tags/out-of-date-standards-version.html

commit 244d30defce6705c20dd66cb1232673f5dd0d040
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Sat Aug 15 17:46:53 2020 +0000

    Remove obsolete fields Contact, Name from debian/upstream/metadata (already present in machine-readable debian/copyright).
    
    Changes-By: lintian-brush

commit cf24c21dd06ed18e845e420925252a0f21f1cb6e
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Sat Aug 15 17:45:48 2020 +0000

    Set field Upstream-Contact in debian/copyright.
    
    Changes-By: lintian-brush

commit 85a15003036b3367a41ff39bfc9336d269e8a14c
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Sat Aug 15 17:44:47 2020 +0000

    Set debhelper-compat version in Build-Depends.
    
    Changes-By: lintian-brush
    Fixes: lintian: uses-debhelper-compat-file
    See-also: https://lintian.debian.org/tags/uses-debhelper-compat-file.html

commit d6455fa1e9763df877a064e132fd34a0f2598a01
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Sat Aug 15 17:43:49 2020 +0000

    Bump debhelper from old 11 to 12.
    
    Changes-By: lintian-brush
    Fixes: lintian: package-uses-old-debhelper-compat-version
    See-also: https://lintian.debian.org/tags/package-uses-old-debhelper-compat-version.html

Created: 2020-08-16 Last update: 2021-04-20 04:07

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.5.1 instead of 4.3.0).

Created: 2019-07-08 Last update: 2020-11-17 05:40

testing migrations

excuses:
- Migration status for ruby-carrierwave (- to 1.3.1-2): BLOCKED: Rejected/violates migration policy/introduces a regression
- Issues preventing migration:
- Updating ruby-carrierwave introduces new bugs: #982552
- blocked by freeze: is not in testing
- Additional info:
- Piuparts tested OK - https://piuparts.debian.org/sid/source/r/ruby-carrierwave.html
- autopkgtest for ruby-carrierwave/1.3.1-2: amd64: No test results, arm64: No test results, armhf: No test results, i386: No test results, ppc64el: No test results
- 760 days old (needed 20 days)
- Not considered

news

[rss feed]

[2021-04-16] ruby-carrierwave REMOVED from testing (Debian testing watch)
[2020-02-04] Accepted ruby-carrierwave 2.0.2-1 (source) into experimental (Sruthi Chandran)
[2019-04-01] ruby-carrierwave 1.3.1-2 MIGRATED to testing (Debian testing watch)
[2019-03-24] Accepted ruby-carrierwave 1.3.1-2 (source) into unstable (Utkarsh Gupta) (signed by: Praveen Arimbrathodiyil)
[2019-02-23] Accepted ruby-carrierwave 1.3.1-1~bpo9+1 (source all) into stretch-backports (Pirate Praveen) (signed by: Abhijith PA)
[2019-02-01] Accepted ruby-carrierwave 1.2.3-1~bpo9+1 (source all) into stretch-backports (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2019-01-31] ruby-carrierwave 1.3.1-1 MIGRATED to testing (Debian testing watch)
[2019-01-29] Accepted ruby-carrierwave 1.3.1-1 (source all) into unstable (suman) (signed by: Abhijith PA)
[2018-08-30] ruby-carrierwave 1.2.3-1 MIGRATED to testing (Debian testing watch)
[2018-08-28] Accepted ruby-carrierwave 1.2.3-1 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-08-15] ruby-carrierwave 1.2.2-1 MIGRATED to testing (Debian testing watch)
[2018-08-14] ruby-carrierwave REMOVED from testing (Debian testing watch)
[2018-06-17] Accepted ruby-carrierwave 1.2.2-1~bpo9+1 (source all) into stretch-backports, stretch-backports (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-03-20] ruby-carrierwave 1.2.2-1 MIGRATED to testing (Debian testing watch)
[2018-03-15] Accepted ruby-carrierwave 1.2.2-1 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-03-05] ruby-carrierwave 1.1.0-3 MIGRATED to testing (Debian testing watch)
[2018-02-27] Accepted ruby-carrierwave 1.1.0-3 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-02-23] Accepted ruby-carrierwave 1.1.0-2 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2017-07-24] Accepted ruby-carrierwave 1.1.0-1 (source) into experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2016-12-01] ruby-carrierwave 0.10.0+gh-4 MIGRATED to testing (Debian testing watch)
[2016-11-28] Accepted ruby-carrierwave 0.10.0+gh-4 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2016-11-15] ruby-carrierwave 0.10.0+gh-3 MIGRATED to testing (Debian testing watch)
[2016-11-09] Accepted ruby-carrierwave 0.10.0+gh-3 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2016-08-26] Accepted ruby-carrierwave 0.11.2-1 (source) into experimental (Sruthi Chandran) (signed by: Praveen Arimbrathodiyil)
[2016-02-10] ruby-carrierwave 0.10.0+gh-2 MIGRATED to testing (Debian testing watch)
[2016-02-05] Accepted ruby-carrierwave 0.10.0+gh-2 (source all) into unstable (Balasankar C) (signed by: Praveen Arimbrathodiyil)
[2015-10-11] ruby-carrierwave 0.10.0+gh-1 MIGRATED to testing (Britney)
[2015-10-10] ruby-carrierwave REMOVED from testing (Britney)
[2015-07-18] ruby-carrierwave 0.10.0+gh-1 MIGRATED to testing (Britney)
[2015-07-07] Accepted ruby-carrierwave 0.10.0+gh-1 (source all) into unstable, unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)

bugs [bug history graph]

all: 2
RC: 1
I&N: 1
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian
buildd: logs, exp, clang
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.3.1-2