Debian Package Tracker - ruby-websocket-extensions

general

source: ruby-websocket-extensions (main)
version: 0.1.5-1
maintainer: Debian Ruby Team (archive) (DMD)
uploaders: Pirate Praveen [DMD]
arch: all
std-ver: 4.5.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 0.1.2-1
old-sec: 0.1.2-1+deb9u1
stable: 0.1.2-1
testing: 0.1.5-1
unstable: 0.1.5-1

versioned links

0.1.2-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.1.2-1+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.1.5-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

ruby-websocket-extensions

action needed

Problems while searching for a new upstream version high

uscan had problems while searching for a new upstream version:

redirecting DEPRECATED pkg-ruby-extras.alioth.debian.org/cgi-bin/gemwatch to gemwatch.debian.net

Created: 2020-06-29 Last update: 2021-01-18 18:03

1 security issue in buster high

There is 1 open security issue in buster.

1 important issue:

CVE-2020-7663: websocket-extensions ruby module prior to 0.1.5 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other character. This could be abused by an attacker to conduct Regex Denial Of Service (ReDoS) on a single-threaded server by providing a malicious payload with the Sec-WebSocket-Extensions header.

Please fix it.

Created: 2020-06-11 Last update: 2020-09-08 05:00

Multiarch hinter reports 1 issue(s) normal

There are issues with the multiarch metadata for this package.

ruby-websocket-extensions could have its dependency on ruby annotated with :any

Created: 2016-11-13 Last update: 2021-01-18 15:32

1 new commit since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit 20ee9183a3f0ccc993a93fd8cc0679b525168d84
Author: Cédric Boutillier <boutil@debian.org>
Date:   Thu Sep 3 20:50:44 2020 +0000

    [ci skip] Add .gitattributes to keep unwanted files out of the source package

Created: 2020-09-03 Last update: 2021-01-14 13:07

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.5.1 instead of 4.5.0).

Created: 2020-11-17 Last update: 2020-11-17 05:41

news

[rss feed]

[2020-09-08] ruby-websocket-extensions 0.1.5-1 MIGRATED to testing (Debian testing watch)
[2020-09-03] Accepted ruby-websocket-extensions 0.1.5-1 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2020-08-19] Accepted ruby-websocket-extensions 0.1.2-1+deb9u1 (source all) into oldstable (Chris Lamb)
[2016-03-14] ruby-websocket-extensions 0.1.2-1 MIGRATED to testing (Debian testing watch)
[2016-03-08] Accepted ruby-websocket-extensions 0.1.2-1 (source all) into unstable, unstable (Hleb Valoshka) (signed by: Christian Hofstaedtler)

bugs [bug history graph]

all: 0

links

homepage
lintian
buildd: logs, clang, reproducibility
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 0.1.5-1