Debian Package Tracker - ruby-websocket-extensions

general

source: ruby-websocket-extensions (main)
version: 0.1.2-1
maintainer: Debian Ruby Extras Maintainers (archive) (DMD)
uploaders: Hleb Valoshka [DMD]
arch: all
std-ver: 3.9.7
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 0.1.2-1
stable: 0.1.2-1
testing: 0.1.2-1
unstable: 0.1.2-1

versioned links

0.1.2-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

ruby-websocket-extensions

action needed

Problems while searching for a new upstream version high

uscan had problems while searching for a new upstream version:

redirecting DEPRECATED pkg-ruby-extras.alioth.debian.org/cgi-bin/gemwatch to gemwatch.debian.net

Created: 2020-06-29 Last update: 2020-08-09 04:41

A new upstream version is available: 0.1.5 high

A new upstream version 0.1.5 is available, you should consider packaging it.

Created: 2020-06-29 Last update: 2020-08-09 04:41

1 security issue in stretch high

There is 1 open security issue in stretch.

1 important issue:

CVE-2020-7663: websocket-extensions ruby module prior to 0.1.5 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other character. This could be abused by an attacker to conduct Regex Denial Of Service (ReDoS) on a single-threaded server by providing a malicious payload with the Sec-WebSocket-Extensions header.

Please fix it.

Created: 2020-06-11 Last update: 2020-08-07 06:08

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2020-7663: websocket-extensions ruby module prior to 0.1.5 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other character. This could be abused by an attacker to conduct Regex Denial Of Service (ReDoS) on a single-threaded server by providing a malicious payload with the Sec-WebSocket-Extensions header.

Please fix it.

Created: 2020-06-11 Last update: 2020-08-07 06:08

1 security issue in buster high

There is 1 open security issue in buster.

1 important issue:

CVE-2020-7663: websocket-extensions ruby module prior to 0.1.5 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other character. This could be abused by an attacker to conduct Regex Denial Of Service (ReDoS) on a single-threaded server by providing a malicious payload with the Sec-WebSocket-Extensions header.

Please fix it.

Created: 2020-06-11 Last update: 2020-08-07 06:08

1 security issue in bullseye high

There is 1 open security issue in bullseye.

1 important issue:

CVE-2020-7663: websocket-extensions ruby module prior to 0.1.5 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other character. This could be abused by an attacker to conduct Regex Denial Of Service (ReDoS) on a single-threaded server by providing a malicious payload with the Sec-WebSocket-Extensions header.

Please fix it.

Created: 2020-06-11 Last update: 2020-08-07 06:08

Standards version of the package is outdated. high

The package is severely out of date with respect to the Debian Policy. The package should be updated to follow the last version of Debian Policy (Standards-Version 4.5.0 instead of 3.9.7).

Created: 2018-04-16 Last update: 2020-01-21 05:06

Multiarch hinter reports 1 issue(s) normal

There are issues with the multiarch metadata for this package.

ruby-websocket-extensions could have its dependency on ruby annotated with :any

Created: 2016-11-13 Last update: 2020-08-09 04:44

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 0.1.2-2, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit c7d3f5a2eda403f95207622d3c645451236bdf38
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Fri Apr 24 09:58:14 2020 +0000

    Use canonical URL in Vcs-Git.
    
    Fixes: lintian: vcs-field-not-canonical
    See-also: https://lintian.debian.org/tags/vcs-field-not-canonical.html

commit 0284d67a68804d407ae4844fcce00c19da0f70a9
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Fri Apr 24 09:57:42 2020 +0000

    Update Vcs-* headers from URL redirect.
    
    Fixes: lintian: vcs-obsolete-in-debian-infrastructure
    See-also: https://lintian.debian.org/tags/vcs-obsolete-in-debian-infrastructure.html

commit 76c31f55fd86f473915fe55a0d8bb61742bd9fda
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Fri Apr 24 09:57:07 2020 +0000

    Set debhelper-compat version in Build-Depends.
    
    Fixes: lintian: uses-debhelper-compat-file
    See-also: https://lintian.debian.org/tags/uses-debhelper-compat-file.html

commit 6bc649b4e60c069d7440d873f11f58cd5e65547f
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Fri Apr 24 09:56:34 2020 +0000

    Bump debhelper from deprecated 9 to 12.
    
    Fixes: lintian: package-uses-deprecated-debhelper-compat-version
    See-also: https://lintian.debian.org/tags/package-uses-deprecated-debhelper-compat-version.html

commit 64b7ea24ce9b92d8b63f3f3a2db36e924f9577ac
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Fri Apr 24 09:56:02 2020 +0000

    Use secure URI in Homepage field.
    
    Fixes: lintian: homepage-field-uses-insecure-uri
    See-also: https://lintian.debian.org/tags/homepage-field-uses-insecure-uri.html

commit 9242c2f21224b3bdf79811dafac27526e587bf5b
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Fri Apr 24 09:55:29 2020 +0000

    Use secure URI in debian/watch.
    
    Fixes: lintian: debian-watch-uses-insecure-uri
    See-also: https://lintian.debian.org/tags/debian-watch-uses-insecure-uri.html

commit e4cdd6a0bc1fc386d8b5e419d22c8e021a4b9e50
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Fri Apr 24 09:54:51 2020 +0000

    Use secure copyright file specification URI.
    
    Fixes: lintian: insecure-copyright-format-uri
    See-also: https://lintian.debian.org/tags/insecure-copyright-format-uri.html

commit 37bac2d659d80651f892bc835bb0d2cb26a27432
Author: Utkarsh Gupta <guptautkarsh2102@gmail.com>
Date:   Tue Aug 13 08:16:14 2019 +0530

    Update d/ch

commit 84f3456097a1e0820b6cec658b22792a7061e20c
Author: Utkarsh Gupta <guptautkarsh2102@gmail.com>
Date:   Tue Aug 13 08:16:14 2019 +0530

    Add salsa-ci.yml

commit b316b0d6307be1816788803348aee6f51d067e1a
Author: Hleb Valoshka <375gnu@gmail.com>
Date:   Sat Mar 17 13:16:17 2018 +0000

    Remove myself from uploaders

The Vcs URL is using anonscm.debian.org. Please update it for the move to salsa.debian.org.

Created: 2018-03-18 Last update: 2020-08-08 13:32

lintian reports 5 warnings normal

Lintian reports 5 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2020-07-29 Last update: 2020-07-29 12:34

news

[rss feed]

[2016-03-14] ruby-websocket-extensions 0.1.2-1 MIGRATED to testing (Debian testing watch)
[2016-03-08] Accepted ruby-websocket-extensions 0.1.2-1 (source all) into unstable, unstable (Hleb Valoshka) (signed by: Christian Hofstaedtler)

bugs [bug history graph]

all: 1
RC: 1
I&N: 0
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (0, 5)
buildd: logs, clang, reproducibility
popcon
browse source code
edit tags
security tracker
screenshots
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 0.1.2-1