ruby-carrierwave - Debian Package Tracker

general

source: ruby-carrierwave (main)
version: 1.3.2-2
maintainer: Debian Ruby Extras Maintainers (archive) (DMD)
uploaders: Pirate Praveen [DMD]
arch: all
std-ver: 4.5.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 0.10.0+gh-4
o-o-bpo: 1.3.1-1~bpo9+1
oldstable: 1.3.1-2
unstable: 1.3.2-2
exp: 2.2.2-1

versioned links

0.10.0+gh-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.3.1-1~bpo9+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.3.1-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.3.2-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.2.2-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

ruby-carrierwave

action needed

A new upstream version is available: 2.2.3 high

A new upstream version 2.2.3 is available, you should consider packaging it.

Created: 2020-06-29 Last update: 2022-12-05 07:33

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2021-21305: CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1, there is a code injection vulnerability. The "#manipulate!" method inappropriately evals the content of mutation option(:read/:write), allowing attackers to craft a string that can be executed as a Ruby code. If an application developer supplies untrusted inputs to the option, it will lead to remote code execution(RCE). This is fixed in versions 1.3.2 and 2.1.1.

Created: 2022-07-04 Last update: 2022-08-01 13:40

The package has not entered testing even though the delay is over normal

The package has not entered testing even though the 5-day delay is over. Check why.

Created: 2022-04-04 Last update: 2022-12-05 12:36

1 new commit since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit d930c34528849b8789a48c521b818397e59c8683
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Thu Sep 9 12:00:42 2021 +0000

    Remove constraints unnecessary since buster
    
    * Build-Depends: Drop versioned constraint on rails, ruby-activerecord, ruby-activesupport, ruby-fog-google, ruby-generator-spec, ruby-mini-magick, ruby-mini-mime and ruby-rspec.
    * ruby-carrierwave: Drop versioned constraint on ruby-activemodel, ruby-activesupport and ruby-mini-mime in Depends.
    
    Changes-By: deb-scrub-obsolete

Created: 2021-09-24 Last update: 2022-11-29 01:18

lintian reports 2 warnings normal

Lintian reports 2 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2021-09-06 Last update: 2022-07-30 12:16

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.1 instead of 4.5.1).

Created: 2021-08-18 Last update: 2022-05-11 23:24

testing migrations

excuses:
- Migrates after: ruby-fog-google
- Migration status for ruby-carrierwave (- to 1.3.2-2): BLOCKED: Rejected/violates migration policy/introduces a regression
- Issues preventing migration:
- ∙ ∙ autopkgtest for ruby-carrierwave/1.3.2-2: amd64: No test results, arm64: No test results, armel: Regression ♻ , armhf: No test results, i386: No test results, ppc64el: No test results, s390x: No test results
- ∙ ∙ Build-Depends(-Arch): ruby-carrierwave ruby-fog-google
- Additional info:
- ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/r/ruby-carrierwave.html
- ∙ ∙ 540 days old (needed 5 days)
- Not considered

news

[rss feed]

[2022-04-05] ruby-carrierwave REMOVED from testing (Debian testing watch)
[2021-08-16] ruby-carrierwave 1.3.2-2 MIGRATED to testing (Debian testing watch)
[2021-06-13] Accepted ruby-carrierwave 2.2.2-1 (source) into experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2021-06-13] Accepted ruby-carrierwave 1.3.2-2 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2021-06-13] Accepted ruby-carrierwave 1.3.2-1 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2021-04-16] ruby-carrierwave REMOVED from testing (Debian testing watch)
[2020-02-04] Accepted ruby-carrierwave 2.0.2-1 (source) into experimental (Sruthi Chandran)
[2019-04-01] ruby-carrierwave 1.3.1-2 MIGRATED to testing (Debian testing watch)
[2019-03-24] Accepted ruby-carrierwave 1.3.1-2 (source) into unstable (Utkarsh Gupta) (signed by: Praveen Arimbrathodiyil)
[2019-02-23] Accepted ruby-carrierwave 1.3.1-1~bpo9+1 (source all) into stretch-backports (Pirate Praveen) (signed by: Abhijith PA)
[2019-02-01] Accepted ruby-carrierwave 1.2.3-1~bpo9+1 (source all) into stretch-backports (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2019-01-31] ruby-carrierwave 1.3.1-1 MIGRATED to testing (Debian testing watch)
[2019-01-29] Accepted ruby-carrierwave 1.3.1-1 (source all) into unstable (suman) (signed by: Abhijith PA)
[2018-08-30] ruby-carrierwave 1.2.3-1 MIGRATED to testing (Debian testing watch)
[2018-08-28] Accepted ruby-carrierwave 1.2.3-1 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-08-15] ruby-carrierwave 1.2.2-1 MIGRATED to testing (Debian testing watch)
[2018-08-14] ruby-carrierwave REMOVED from testing (Debian testing watch)
[2018-06-17] Accepted ruby-carrierwave 1.2.2-1~bpo9+1 (source all) into stretch-backports, stretch-backports (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-03-20] ruby-carrierwave 1.2.2-1 MIGRATED to testing (Debian testing watch)
[2018-03-15] Accepted ruby-carrierwave 1.2.2-1 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-03-05] ruby-carrierwave 1.1.0-3 MIGRATED to testing (Debian testing watch)
[2018-02-27] Accepted ruby-carrierwave 1.1.0-3 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-02-23] Accepted ruby-carrierwave 1.1.0-2 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2017-07-24] Accepted ruby-carrierwave 1.1.0-1 (source) into experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2016-12-01] ruby-carrierwave 0.10.0+gh-4 MIGRATED to testing (Debian testing watch)
[2016-11-28] Accepted ruby-carrierwave 0.10.0+gh-4 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2016-11-15] ruby-carrierwave 0.10.0+gh-3 MIGRATED to testing (Debian testing watch)
[2016-11-09] Accepted ruby-carrierwave 0.10.0+gh-3 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2016-08-26] Accepted ruby-carrierwave 0.11.2-1 (source) into experimental (Sruthi Chandran) (signed by: Praveen Arimbrathodiyil)
[2016-02-10] ruby-carrierwave 0.10.0+gh-2 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 1
RC: 0
I&N: 1
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (0, 2)
buildd: logs, exp
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.3.2-2