ruby-tzinfo - Debian Package Tracker

general

source: ruby-tzinfo (main)
version: 2.0.4-3
maintainer: Debian Ruby Team (archive) (DMD)
uploaders: Hleb Valoshka [DMD]
arch: all
std-ver: 4.6.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.2.2-2
oldstable: 1.2.5-1
old-sec: 1.2.5-1+deb10u1
old-bpo: 1.2.6-1~bpo10+1
stable: 1.2.6-1
testing: 2.0.4-3
unstable: 2.0.4-3

versioned links

1.2.2-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.2.5-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.2.5-1+deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.2.6-1~bpo10+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.2.6-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.0.4-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

ruby-tzinfo

action needed

A new upstream version is available: 2.0.5 high

A new upstream version 2.0.5 is available, you should consider packaging it.

Created: 2022-07-23 Last update: 2022-12-09 13:16

1 security issue in bullseye high

There is 1 open security issue in bullseye.

1 important issue:

CVE-2022-31163: TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to relative path traversal. With the Ruby data source, time zones are defined in Ruby files. There is one file per time zone. Time zone files are loaded with `require` on demand. In the affected versions, `TZInfo::Timezone.get` fails to validate time zone identifiers correctly, allowing a new line character within the identifier. With Ruby version 1.9.3 and later, `TZInfo::Timezone.get` can be made to load unintended files with `require`, executing them within the Ruby process. Versions 0.3.61 and 1.2.10 include fixes to correctly validate time zone identifiers. Versions 2.0.0 and later are not vulnerable. Version 0.3.61 can still load arbitrary files from the Ruby load path if their name follows the rules for a valid time zone identifier and the file has a prefix of `tzinfo/definition` within a directory in the load path. Applications should ensure that untrusted files are not placed in a directory on the load path. As a workaround, the time zone identifier can be validated before passing to `TZInfo::Timezone.get` by ensuring it matches the regular expression `\A[A-Za-z0-9+\-_]+(?:\/[A-Za-z0-9+\-_]+)*\z`.

Created: 2022-07-24 Last update: 2022-08-18 21:00

1 new commit since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit ea6f4d4f411d1435ad096d10ba1ec4ccc09eeba5
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Wed Nov 9 19:03:46 2022 +0000

    Remove constraints unnecessary since buster (oldstable)
    
    * Build-Depends: Drop versioned constraint on ruby-concurrent.
    
    Changes-By: deb-scrub-obsolete

Created: 2022-11-09 Last update: 2022-12-08 19:06

lintian reports 1 warning normal

Lintian reports 1 warning about this package. You should make the package lintian clean getting rid of them.

Created: 2022-07-30 Last update: 2022-07-30 12:16

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.1 instead of 4.6.0).

Created: 2022-05-11 Last update: 2022-05-11 23:24

news

[rss feed]

[2022-08-18] Accepted ruby-tzinfo 1.2.5-1+deb10u1 (source all) into oldstable (Chris Lamb)
[2021-12-07] ruby-tzinfo 2.0.4-3 MIGRATED to testing (Debian testing watch)
[2021-11-21] Accepted ruby-tzinfo 2.0.4-3 (source) into unstable (Cédric Boutillier)
[2021-11-19] Accepted ruby-tzinfo 2.0.4-2 (source) into unstable (Cédric Boutillier)
[2021-07-27] Accepted ruby-tzinfo 2.0.4-1 (source) into experimental (Sruthi Chandran)
[2020-07-13] Accepted ruby-tzinfo 1.2.6-1~bpo10+1 (source all) into buster-backports, buster-backports (Debian FTP Masters) (signed by: Sruthi Chandran)
[2020-02-09] ruby-tzinfo 1.2.6-1 MIGRATED to testing (Debian testing watch)
[2020-02-07] Accepted ruby-tzinfo 1.2.6-1 (source) into unstable (Abhijith PA)
[2018-03-26] ruby-tzinfo 1.2.5-1 MIGRATED to testing (Debian testing watch)
[2018-03-20] Accepted ruby-tzinfo 1.2.5-1 (source) into unstable (Hleb Valoshka) (signed by: Cédric Boutillier)
[2017-09-13] ruby-tzinfo 1.2.3-1 MIGRATED to testing (Debian testing watch)
[2017-09-08] Accepted ruby-tzinfo 1.2.3-1 (source) into unstable (Hleb Valoshka) (signed by: Cédric Boutillier)
[2016-10-09] ruby-tzinfo 1.2.2-2 MIGRATED to testing (Debian testing watch)
[2016-10-03] Accepted ruby-tzinfo 1.2.2-2 (source all) into unstable (Hleb Valoshka) (signed by: Christian Hofstaedtler)
[2016-02-02] Accepted ruby-tzinfo 1.1.0-2+deb8u1 (source all) into proposed-updates->stable-new, proposed-updates (Hleb Valoshka) (signed by: Antonio Terceiro)
[2015-08-02] ruby-tzinfo 1.2.2-1 MIGRATED to testing (Britney)
[2015-07-27] Accepted ruby-tzinfo 1.2.2-1 (source all) into unstable (Hleb Valoshka) (signed by: Cédric Boutillier)
[2014-05-25] ruby-tzinfo 1.1.0-2 MIGRATED to testing (Debian testing watch)
[2014-05-19] Accepted ruby-tzinfo 1.1.0-2 (source all) (Antonio Terceiro)
[2013-12-13] ruby-tzinfo 1.1.0-1 MIGRATED to testing (Debian testing watch)
[2013-12-02] Accepted ruby-tzinfo 1.1.0-1 (source all) (Hleb Valoshka) (signed by: Gunnar Eyal Wolf Iszaevich)
[2013-08-29] ruby-tzinfo 1.0.1-1 MIGRATED to testing (Debian testing watch)
[2013-08-18] Accepted ruby-tzinfo 1.0.1-1 (source all) (Hleb Valoshka) (signed by: Cédric Boutillier)
[2012-08-09] ruby-tzinfo 0.3.33-3 MIGRATED to testing (Debian testing watch)
[2012-07-29] Accepted ruby-tzinfo 0.3.33-3 (source all) (Dmitry Borodaenko)
[2012-07-06] ruby-tzinfo 0.3.33-2 MIGRATED to testing (Debian testing watch)
[2012-06-25] Accepted ruby-tzinfo 0.3.33-2 (source all) (Vincent Fourmond)
[2012-05-03] ruby-tzinfo 0.3.33-1 MIGRATED to testing (Debian testing watch)
[2012-04-22] Accepted ruby-tzinfo 0.3.33-1 (source all) (Dmitry Borodaenko)
[2012-04-21] Accepted ruby-tzinfo 0.3.32-1 (source all) (Dmitry Borodaenko)

bugs [bug history graph]

all: 0

links

homepage
lintian (0, 1)
buildd: logs, reproducibility
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2.0.4-3