Debian Package Tracker

general

source: ruby-openid (main)
version: 2.7.0debian-1
maintainer: Debian Ruby Extras Maintainers (archive) [DMD]
uploaders: Paul van Tilburg [DMD] – Cédric Boutillier [DMD]
arch: all
std-ver: 3.9.6
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 2.5.0debian-1
oldstable: 2.7.0debian-1
stable: 2.7.0debian-1
testing: 2.7.0debian-1
unstable: 2.7.0debian-1

versioned links

2.5.0debian-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.7.0debian-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

ruby-openid

action needed

Marked for autoremoval on 06 August: #930388 high

Version 2.7.0debian-1 of ruby-openid is marked for autoremoval from testing on Tue 06 Aug 2019. It is affected by #930388. The removal of ruby-openid will also cause the removal of (transitive) reverse dependencies: ruby-devise, ruby-devise-lastseenable, ruby-devise-token-authenticatable, ruby-omniauth-openid, ruby-rack-openid. You should try to prevent the removal by fixing these RC bugs.

Created: 2019-07-07 Last update: 2019-07-17 03:40

Problems while searching for a new upstream version high

uscan had problems while searching for a new upstream version:

redirecting DEPRECATED pkg-ruby-extras.alioth.debian.org/cgi-bin/gemwatch to gemwatch.debian.net

Created: 2018-05-06 Last update: 2019-07-17 00:33

1 security issue in bullseye high

There is 1 open security issue in bullseye.

1 important issue:

CVE-2019-11027: Ruby OpenID (aka ruby-openid) through 2.8.0 has a remotely exploitable flaw. This library is used by Rails web applications to integrate with OpenID Providers. Severity can range from medium to critical, depending on how a web application developer chose to employ the ruby-openid library. Developers who based their OpenID integration heavily on the "example app" provided by the project are at highest risk.

Please fix it.

Created: 2019-07-07 Last update: 2019-07-10 21:22

1 security issue in buster high

There is 1 open security issue in buster.

1 important issue:

CVE-2019-11027: Ruby OpenID (aka ruby-openid) through 2.8.0 has a remotely exploitable flaw. This library is used by Rails web applications to integrate with OpenID Providers. Severity can range from medium to critical, depending on how a web application developer chose to employ the ruby-openid library. Developers who based their OpenID integration heavily on the "example app" provided by the project are at highest risk.

Please fix it.

Created: 2019-06-11 Last update: 2019-07-10 21:22

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2019-11027: Ruby OpenID (aka ruby-openid) through 2.8.0 has a remotely exploitable flaw. This library is used by Rails web applications to integrate with OpenID Providers. Severity can range from medium to critical, depending on how a web application developer chose to employ the ruby-openid library. Developers who based their OpenID integration heavily on the "example app" provided by the project are at highest risk.

Please fix it.

Created: 2019-06-11 Last update: 2019-07-10 21:22

1 security issue in stretch high

There is 1 open security issue in stretch.

1 important issue:

CVE-2019-11027: Ruby OpenID (aka ruby-openid) through 2.8.0 has a remotely exploitable flaw. This library is used by Rails web applications to integrate with OpenID Providers. Severity can range from medium to critical, depending on how a web application developer chose to employ the ruby-openid library. Developers who based their OpenID integration heavily on the "example app" provided by the project are at highest risk.

Please fix it.

Created: 2019-06-11 Last update: 2019-07-10 21:22

1 security issue in jessie high

There is 1 open security issue in jessie.

1 important issue:

CVE-2019-11027: Ruby OpenID (aka ruby-openid) through 2.8.0 has a remotely exploitable flaw. This library is used by Rails web applications to integrate with OpenID Providers. Severity can range from medium to critical, depending on how a web application developer chose to employ the ruby-openid library. Developers who based their OpenID integration heavily on the "example app" provided by the project are at highest risk.

Please fix it.

Created: 2019-06-11 Last update: 2019-07-10 21:22

Standards version of the package is outdated. high

The package is severely out of date with respect to the Debian Policy. The package should be updated to follow the last version of Debian Policy (Standards-Version 4.4.0 instead of 3.9.6).

Created: 2018-04-16 Last update: 2019-07-08 20:08

6 new commits since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit 07e9af88faad9612ce40eae5fe3424d610f36d8b
Author: Cédric Boutillier <boutil@moszumanska.debian.org>
Date:   Fri Mar 4 15:15:08 2016 +0000

    Run wrap-and-sort on packaging files

commit 4f08f8b3523e9619972fe4c0c9f03d5c3bd8f088
Author: Cédric Boutillier <boutil@moszumanska.debian.org>
Date:   Fri Mar 4 13:06:50 2016 +0000

    Bump Standards-Version to 3.9.7 (no changes needed)

commit d02cfaa537599274b5f61a8127ce1e2ac4a4513f
Author: Cédric Boutillier <boutil@moszumanska.debian.org>
Date:   Fri Mar 4 12:50:50 2016 +0000

    Use https:// in Vcs-* fields

commit 223f89bafd4ce3848427e05c811b92fd9bc04bd8
Author: Cédric Boutillier <boutil@moszumanska.debian.org>
Date:   Fri Mar 4 12:30:35 2016 +0000

    Use https:// in Vcs-* fields

commit 892f42aa206ece05f5b8d0b9d22269949dfe1443
Author: Cédric Boutillier <boutil@moszumanska.debian.org>
Date:   Fri Mar 4 11:58:24 2016 +0000

    Remove version in the gem2deb build-dependency

commit 81ee82afc829066bf085afdbaa96ed6d5df4d666
Author: Cédric Boutillier <boutil@moszumanska.debian.org>
Date:   Fri Mar 4 11:08:40 2016 +0000

    Bump debhelper compatibility level to 9

The Vcs URL git://anonscm.debian.org/pkg-ruby-extras/ruby-openid.git is deprecated/defunct, https://anonscm.debian.org/git/pkg-ruby-extras/ruby-openid.git was tried instead. Please update the Vcs field in debian/control.

Created: 2017-12-03 Last update: 2019-07-16 21:01

The URL(s) for this package had some recent persistent issues low

DUCK reports some issues concerning upstream URLs defined for this package.

Created: 2019-01-12 Last update: 2019-07-17 03:41

news

[rss feed]

[2015-08-15] ruby-openid 2.7.0debian-1 MIGRATED to testing (Britney)
[2015-08-09] Accepted ruby-openid 2.7.0debian-1 (source all) into unstable (Cédric Boutillier)
[2014-03-20] ruby-openid 2.5.0debian-1 MIGRATED to testing (Debian testing watch)
[2014-03-14] Accepted ruby-openid 2.5.0debian-1 (source all) (Cédric Boutillier)
[2013-03-09] ruby-openid 2.1.8debian-6 MIGRATED to testing (Debian testing watch)
[2013-03-06] Accepted ruby-openid 2.1.8debian-6 (source all) (Cédric Boutillier)
[2012-07-07] ruby-openid 2.1.8debian-5 MIGRATED to testing (Debian testing watch)
[2012-06-26] Accepted ruby-openid 2.1.8debian-5 (source all) (Cédric Boutillier)
[2012-05-31] ruby-openid 2.1.8debian-4 MIGRATED to testing (Debian testing watch)
[2012-05-20] Accepted ruby-openid 2.1.8debian-4 (source all) (Paul van Tilburg)
[2012-05-20] Accepted ruby-openid 2.1.8debian-3 (source all) (Paul van Tilburg)

bugs [bug history graph]

all: 1
RC: 1
I&N: 0
M&W: 0
F&P: 0
patch: 0

links

homepage
buildd: logs, clang, reproducibility
popcon
browse source code
edit tags
security tracker
screenshots
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2.7.0debian-1