Register | Log in

ruby-devise

Flexible authentication solution for Rails with Warden

Choose email to subscribe with

general

source: ruby-devise (main)
version: 4.5.0-2
maintainer: Debian Ruby Extras Maintainers (archive) [DMD]
uploaders: Markus Tornow [DMD] – Pirate Praveen [DMD]
arch: all
std-ver: 4.3.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

stable: 4.2.0-1
stable-bpo: 4.4.3-1~bpo9+1
testing: 4.5.0-2
unstable: 4.5.0-2

versioned links

4.2.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.4.3-1~bpo9+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.5.0-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

ruby-devise

action needed

A new upstream version is available: 4.6.2 high

A new upstream version 4.6.2 is available, you should consider packaging it.

Created: 2019-02-25 Last update: 2019-05-20 03:46

1 security issue in buster high

There is 1 open security issue in buster.

1 important issue:

CVE-2019-5421: Plataformatec Devise version 4.5.0 and earlier, using the lockable module contains a CWE-367 vulnerability in The `Devise::Models::Lockable` class, more specifically at the `#increment_failed_attempts` method. File location: lib/devise/models/lockable.rb that can result in Multiple concurrent requests can prevent an attacker from being blocked on brute force attacks. This attack appear to be exploitable via Network connectivity - brute force attacks. This vulnerability appears to have been fixed in 4.6.0 and later.

Please fix it.

Created: 2019-04-04 Last update: 2019-04-07 23:44

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2019-5421: Plataformatec Devise version 4.5.0 and earlier, using the lockable module contains a CWE-367 vulnerability in The `Devise::Models::Lockable` class, more specifically at the `#increment_failed_attempts` method. File location: lib/devise/models/lockable.rb that can result in Multiple concurrent requests can prevent an attacker from being blocked on brute force attacks. This attack appear to be exploitable via Network connectivity - brute force attacks. This vulnerability appears to have been fixed in 4.6.0 and later.

Please fix it.

Created: 2019-04-04 Last update: 2019-04-07 23:44

lintian reports 1 warning normal

Lintian reports 1 warning about this package. You should make the package lintian clean getting rid of them.

Created: 2019-04-07 Last update: 2019-04-07 07:40

1 ignored security issue in stretch low

There is 1 open security issue in stretch.

1 issue skipped by the security teams:

CVE-2019-5421: Plataformatec Devise version 4.5.0 and earlier, using the lockable module contains a CWE-367 vulnerability in The `Devise::Models::Lockable` class, more specifically at the `#increment_failed_attempts` method. File location: lib/devise/models/lockable.rb that can result in Multiple concurrent requests can prevent an attacker from being blocked on brute force attacks. This attack appear to be exploitable via Network connectivity - brute force attacks. This vulnerability appears to have been fixed in 4.6.0 and later.

Please fix it.

Created: 2019-04-04 Last update: 2019-04-07 23:44

news

[2019-03-10] ruby-devise 4.5.0-2 MIGRATED to testing (Debian testing watch)
[2019-02-27] Accepted ruby-devise 4.5.0-2 (source) into unstable (Antonio Terceiro)
[2019-01-06] ruby-devise 4.5.0-1 MIGRATED to testing (Debian testing watch)
[2018-12-31] Accepted ruby-devise 4.5.0-1 (source) into unstable (Utkarsh Gupta) (signed by: Praveen Arimbrathodiyil)
[2018-05-15] Accepted ruby-devise 4.4.3-1~bpo9+1 (source all) into stretch-backports, stretch-backports (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-03-27] ruby-devise 4.4.3-1 MIGRATED to testing (Debian testing watch)
[2018-03-21] Accepted ruby-devise 4.4.3-1 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2017-09-21] ruby-devise 4.3.0-1 MIGRATED to testing (Debian testing watch)
[2017-09-15] Accepted ruby-devise 4.3.0-1 (source) into unstable (Sruthi Chandran) (signed by: Praveen Arimbrathodiyil)
[2016-09-23] ruby-devise 4.2.0-1 MIGRATED to testing (Debian testing watch)
[2016-09-18] Accepted ruby-devise 4.2.0-1 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2016-09-13] Accepted ruby-devise 4.1.1-4 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2016-09-01] ruby-devise 4.1.1-3 MIGRATED to testing (Debian testing watch)
[2016-08-26] Accepted ruby-devise 4.1.1-3 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2016-07-17] ruby-devise 4.1.1-2 MIGRATED to testing (Debian testing watch)
[2016-07-09] Accepted ruby-devise 4.1.1-2 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2016-06-12] Accepted ruby-devise 4.1.1-1 (source) into experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2016-03-09] ruby-devise 3.5.6-2 MIGRATED to testing (Debian testing watch)
[2016-03-04] Accepted ruby-devise 3.5.6-2 (source all) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2016-02-23] Accepted ruby-devise 3.5.6-1 (source all) into experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2016-01-09] ruby-devise 3.5.2-3 MIGRATED to testing (Debian testing watch)
[2016-01-03] Accepted ruby-devise 3.5.2-3 (source all) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2015-12-20] ruby-devise 3.5.2-2 MIGRATED to testing (Debian testing watch)
[2015-11-11] Accepted ruby-devise 3.5.2-2 (source) into unstable (Antonio Terceiro)
[2015-10-29] Accepted ruby-devise 3.5.2-1 (source all) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2015-07-13] Accepted ruby-devise 3.5.1-1 (source all) into unstable (Balasankar C)
[2015-04-15] Accepted ruby-devise 3.4.1-2 (source all) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2015-01-19] Accepted ruby-devise 3.4.1-1 (source all) into unstable, unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)

bugs [bug history graph]

all: 2
RC: 0
I&N: 2
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (0, 1)
buildd: logs, clang, reproducibility
popcon
debci
browse source code
edit tags
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 4.5.0-2

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing