Register | Log in

ruby-sinatra

Ruby web-development dressed in a DSL

Choose email to subscribe with

general

source: ruby-sinatra (main)
version: 4.1.1-3
maintainer: Debian Ruby Team (archive) (DMD)
uploaders: Pirate Praveen [DMD] – Lucas Kanashiro [DMD] – Youhei SASAKI [DMD] [DM]
arch: all
std-ver: 4.7.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 2.0.5-4
o-o-sec: 2.0.5-4+deb10u2
oldstable: 2.0.8.1-2
old-sec: 2.0.8.1-2+deb11u1
stable: 3.0.5-3
testing: 3.2.0-1
unstable: 4.1.1-3

versioned links

2.0.5-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.0.5-4+deb10u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.0.8.1-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.0.8.1-2+deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.0.5-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.2.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.1.1-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

ruby-rack-protection
ruby-sinatra
ruby-sinatra-contrib

action needed

1 security issue in trixie high

There is 1 open security issue in trixie.

1 important issue:

CVE-2024-21510: Versions of the package sinatra from 0.0.0 are vulnerable to Reliance on Untrusted Inputs in a Security Decision via the X-Forwarded-Host (XFH) header. When making a request to a method with redirect applied, it is possible to trigger an Open Redirect Attack by inserting an arbitrary address into this header. If used for caching purposes, such as with servers like Nginx, or as a reverse proxy, without handling the X-Forwarded-Host header, attackers can potentially exploit Cache Poisoning or Routing-based SSRF.

Created: 2024-11-01 Last update: 2025-01-29 17:33

1 security issue in bullseye high

There is 1 open security issue in bullseye.

1 important issue:

CVE-2024-21510: Versions of the package sinatra from 0.0.0 are vulnerable to Reliance on Untrusted Inputs in a Security Decision via the X-Forwarded-Host (XFH) header. When making a request to a method with redirect applied, it is possible to trigger an Open Redirect Attack by inserting an arbitrary address into this header. If used for caching purposes, such as with servers like Nginx, or as a reverse proxy, without handling the X-Forwarded-Host header, attackers can potentially exploit Cache Poisoning or Routing-based SSRF.

Created: 2024-11-01 Last update: 2025-01-29 17:33

Depends on packages which need a new maintainer normal

The packages that ruby-sinatra depends on which need a new maintainer are:

ruby-maruku (#897306)
- Build-Depends: ruby-maruku

Created: 2019-11-22 Last update: 2025-01-30 05:31

debian/patches: 2 patches to forward upstream low

Among the 2 debian patches available in version 4.1.1-3 of the package, we noticed the following issues:

2 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-02-26 Last update: 2025-01-29 21:31

No known security issue in bookworm wishlist

There is 1 open security issue in bookworm.

1 ignored issue:

CVE-2024-21510: Versions of the package sinatra from 0.0.0 are vulnerable to Reliance on Untrusted Inputs in a Security Decision via the X-Forwarded-Host (XFH) header. When making a request to a method with redirect applied, it is possible to trigger an Open Redirect Attack by inserting an arbitrary address into this header. If used for caching purposes, such as with servers like Nginx, or as a reverse proxy, without handling the X-Forwarded-Host header, attackers can potentially exploit Cache Poisoning or Routing-based SSRF.

Created: 2024-11-01 Last update: 2025-01-29 17:33

testing migrations

This package is part of the ongoing testing transition known as auto-upperlimit-ruby-rack. Please avoid uploads unrelated to this transition, they would likely delay it and require supplementary work from the release managers. On the other hand, if your package has problems preventing it to migrate to testing, please fix them as soon as possible. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
excuses:
- Migrates after: ruby-rack, ruby-rack-session, ruby-rackup
- Migration status for ruby-sinatra (3.2.0-1 to 4.1.1-3): BLOCKED: Rejected/violates migration policy/introduces a regression
- Issues preventing migration:
- ∙ ∙ autopkgtest for debci/3.10: amd64: Failed (not a regression), arm64: Regression or new test ♻ (reference ♻), armel: Regression or new test ♻ (reference ♻), armhf: Regression or new test ♻ (reference ♻), i386: Regression or new test ♻ (reference ♻), ppc64el: Regression or new test ♻ (reference ♻), riscv64: Regression or new test ♻ (reference ♻), s390x: Regression or new test ♻ (reference ♻)
- ∙ ∙ autopkgtest for pcs/0.11.7-2: amd64: Regression or new test ♻ (reference ♻), arm64: Regression or new test ♻ (reference ♻), armel: Regression or new test ♻ (reference ♻), armhf: Regression or new test ♻ (reference ♻), i386: Regression or new test ♻ (reference ♻), ppc64el: Regression or new test ♻ (reference ♻), riscv64: Regression or new test ♻ (reference ♻), s390x: Regression or new test ♻ (reference ♻)
- ∙ ∙ autopkgtest for ruby-omniauth/2.1.1-1: amd64: Regression or new test ♻ (reference ♻), arm64: Regression or new test ♻ (reference ♻), armel: Regression or new test ♻ (reference ♻), armhf: Regression or new test ♻ (reference ♻), i386: Regression or new test ♻ (reference ♻), ppc64el: Regression or new test ♻ (reference ♻), riscv64: Regression or new test ♻ (reference ♻), s390x: Regression or new test ♻ (reference ♻)
- ∙ ∙ autopkgtest for ruby-sinatra/4.1.1-3: amd64: Regression or new test ♻ (reference ♻), arm64: Regression or new test ♻ (reference ♻), armel: Regression or new test ♻ (reference ♻), armhf: Regression or new test ♻ (reference ♻), i386: Regression or new test ♻ (reference ♻), ppc64el: Regression or new test ♻ (reference ♻), riscv64: Regression or new test ♻ (reference ♻), s390x: Regression or new test ♻ (reference ♻)
- ∙ ∙ autopkgtest for schleuder/5.0.0-1: amd64: Regression or new test ♻ (reference ♻), arm64: Regression or new test ♻ (reference ♻), armel: Regression or new test ♻ (reference ♻), armhf: Regression or new test ♻ (reference ♻), i386: Regression or new test ♻ (reference ♻), ppc64el: Regression or new test ♻ (reference ♻), riscv64: Regression or new test ♻ (reference ♻), s390x: Regression or new test ♻ (reference ♻)
- ∙ ∙ Too young, only 1 of 5 days old
- ∙ ∙ Build-Depends(-Arch): ruby-sinatra ruby-rack (not considered)
- ∙ ∙ Build-Depends(-Arch): ruby-sinatra ruby-rack-session (not considered)
- ∙ ∙ Build-Depends(-Arch): ruby-sinatra ruby-rackup (not considered)
- ∙ ∙ Depends: ruby-sinatra ruby-rack (not considered)
- ∙ ∙ Depends: ruby-sinatra ruby-rack-session (not considered)
- Additional info:
- ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/r/ruby-sinatra.html
- ∙ ∙ Waiting for reproducibility test results on amd64 - info ♻
- ∙ ∙ Waiting for reproducibility test results on arm64 - info ♻
- ∙ ∙ Waiting for reproducibility test results on armhf - info ♻
- ∙ ∙ Reproducible on i386 - info ♻
- Not considered

news

[2025-01-29] Accepted ruby-sinatra 4.1.1-3 (source) into unstable (Antonio Terceiro)
[2025-01-28] Accepted ruby-sinatra 4.1.1-2 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2025-01-27] Accepted ruby-sinatra 4.1.1-1 (source) into experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2024-09-12] ruby-sinatra 3.2.0-1 MIGRATED to testing (Debian testing watch)
[2024-09-10] Accepted ruby-sinatra 3.2.0-1 (source) into unstable (Antonio Terceiro)
[2024-09-05] Accepted ruby-sinatra 2.0.8.1-2+deb11u1 (source) into oldstable-security (Jochen Sprickerhof)
[2023-02-13] ruby-sinatra 3.0.5-3 MIGRATED to testing (Debian testing watch)
[2023-02-10] Accepted ruby-sinatra 3.0.5-3 (source) into unstable (Sruthi Chandran)
[2023-01-10] Accepted ruby-sinatra 2.0.5-4+deb10u2 (source all) into oldstable (Chris Lamb)
[2022-12-30] ruby-sinatra 3.0.5-2 MIGRATED to testing (Debian testing watch)
[2022-12-26] Accepted ruby-sinatra 3.0.5-2 (source) into unstable (Antonio Terceiro)
[2022-12-24] Accepted ruby-sinatra 3.0.5-1 (source) into experimental (Antonio Terceiro)
[2022-11-16] Accepted ruby-sinatra 3.0.3-1 (source) into experimental (Lucas Kanashiro)
[2022-10-28] Accepted ruby-sinatra 2.0.5-4+deb10u1 (source) into oldstable (Utkarsh Gupta)
[2022-08-27] ruby-sinatra 2.2.2-1 MIGRATED to testing (Debian testing watch)
[2022-08-27] ruby-sinatra 2.2.2-1 MIGRATED to testing (Debian testing watch)
[2022-08-20] Accepted ruby-sinatra 2.2.2-1 (source) into unstable (Antonio Terceiro)
[2020-04-14] ruby-sinatra 2.0.8.1-2 MIGRATED to testing (Debian testing watch)
[2020-04-08] Accepted ruby-sinatra 2.0.8.1-2 (source) into unstable (Antonio Terceiro)
[2020-02-10] ruby-sinatra 2.0.8.1-1 MIGRATED to testing (Debian testing watch)
[2020-02-07] Accepted ruby-sinatra 2.0.8.1-1 (source) into unstable (Georg Faerber)
[2019-02-06] ruby-sinatra 2.0.5-4 MIGRATED to testing (Debian testing watch)
[2019-01-21] Accepted ruby-sinatra 2.0.5-4 (source) into unstable (Antonio Terceiro)
[2019-01-08] Accepted ruby-sinatra 2.0.5-3 (source) into unstable (Sruthi Chandran)
[2019-01-05] Accepted ruby-sinatra 2.0.5-2 (source all) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-03-06] ruby-sinatra 1.4.8-1 MIGRATED to testing (Debian testing watch)
[2018-03-01] Accepted ruby-sinatra 1.4.8-1 (source) into unstable (Antonio Terceiro)
[2016-11-21] ruby-sinatra 1.4.7-5 MIGRATED to testing (Debian testing watch)
[2016-11-16] Accepted ruby-sinatra 1.4.7-5 (source) into unstable (Antonio Terceiro)
[2016-07-12] ruby-sinatra 1.4.7-4 MIGRATED to testing (Debian testing watch)

1
2

bugs [bug history graph]

all: 1
RC: 1
I&N: 0
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian
buildd: logs, reproducibility
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 3.2.0-1
1 bug

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing