ruby-yajl - Debian Package Tracker

general

source: ruby-yajl (main)
version: 1.4.3-1
maintainer: Debian Ruby Team (archive) (DMD)
uploaders: Per Andersson [DMD] – Pirate Praveen [DMD] – Balasankar C [DMD]
arch: any
std-ver: 4.5.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 1.3.1-1
stable: 1.4.1-1
testing: 1.4.3-1
unstable: 1.4.3-1

versioned links

1.3.1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.4.1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.4.3-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

ruby-yajl

action needed

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 1.4.3-2, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit da09804c21034b15900c693ed48d984449c0a057
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Sat Sep 3 20:08:45 2022 +0000

    Update standards version to 4.6.1, no changes needed.
    
    Changes-By: lintian-brush
    Fixes: lintian: out-of-date-standards-version
    See-also: https://lintian.debian.org/tags/out-of-date-standards-version.html

Created: 2022-09-27 Last update: 2023-05-17 11:30

lintian reports 1 warning normal

Lintian reports 1 warning about this package. You should make the package lintian clean getting rid of them.

Created: 2022-08-27 Last update: 2023-02-02 21:06

1 low-priority security issue in bullseye low

There is 1 open security issue in bullseye.

1 issue left for the package maintainer to handle:

CVE-2022-24795: (needs triaging) yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of `yajl` contain an integer overflow which leads to subsequent heap memory corruption when dealing with large (~2GB) inputs. The reallocation logic at `yajl_buf.c#L64` may result in the `need` 32bit integer wrapping to 0 when `need` approaches a value of 0x80000000 (i.e. ~2GB of data), which results in a reallocation of buf->alloc into a small heap chunk. These integers are declared as `size_t` in the 2.x branch of `yajl`, which practically prevents the issue from triggering on 64bit platforms, however this does not preclude this issue triggering on 32bit builds on which `size_t` is a 32bit integer. Subsequent population of this under-allocated heap chunk is based on the original buffer size, leading to heap memory corruption. This vulnerability mostly impacts process availability. Maintainers believe exploitation for arbitrary code execution is unlikely. A patch is available and anticipated to be part of yajl-ruby version 1.4.2. As a workaround, avoid passing large inputs to YAJL.

You can find information about how to handle this issue in the security team's documentation.

Created: 2022-07-04 Last update: 2023-03-27 11:06

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.2 instead of 4.5.1).

Created: 2020-11-17 Last update: 2022-12-17 19:17

news

[rss feed]

[2022-09-04] ruby-yajl 1.4.3-1 MIGRATED to testing (Debian testing watch)
[2022-08-26] Accepted ruby-yajl 1.4.3-1 (source) into unstable (Ravi Dwivedi) (signed by: Praveen Arimbrathodiyil)
[2020-10-25] ruby-yajl 1.4.1-1 MIGRATED to testing (Debian testing watch)
[2020-10-25] ruby-yajl 1.4.1-1 MIGRATED to testing (Debian testing watch)
[2020-10-23] Accepted ruby-yajl 1.4.1-1 (source) into unstable (Abraham Raji) (signed by: Praveen Arimbrathodiyil)
[2020-07-19] ruby-yajl 1.3.1-2 MIGRATED to testing (Debian testing watch)
[2020-07-16] Accepted ruby-yajl 1.3.1-2 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-02-08] ruby-yajl 1.3.1-1 MIGRATED to testing (Debian testing watch)
[2018-02-02] Accepted ruby-yajl 1.3.1-1 (source amd64) into unstable (Lucas Kanashiro)
[2017-11-13] ruby-yajl 1.2.0-3.1 MIGRATED to testing (Debian testing watch)
[2017-11-08] Accepted ruby-yajl 1.1.0-2+deb7u1 (source amd64) into oldoldstable (Markus Koschany)
[2017-11-08] Accepted ruby-yajl 1.2.0-3.1 (source) into unstable (Salvatore Bonaccorso)
[2015-07-14] ruby-yajl 1.2.0-3 MIGRATED to testing (Britney)
[2015-07-08] Accepted ruby-yajl 1.2.0-3 (source) into unstable (Christian Hofstaedtler)
[2014-04-12] ruby-yajl 1.2.0-2 MIGRATED to testing (Debian testing watch)
[2014-04-06] Accepted ruby-yajl 1.2.0-2 (source amd64) (Per Andersson)
[2013-12-29] ruby-yajl 1.2.0-1 MIGRATED to testing (Debian testing watch)
[2013-12-19] Accepted ruby-yajl 1.2.0-1 (source amd64) (Cédric Boutillier)
[2013-04-23] ruby-yajl 1.1.0-2 MIGRATED to testing (Debian testing watch)
[2013-04-12] Accepted ruby-yajl 1.1.0-2 (source amd64) (Tollef Fog Heen)
[2012-07-06] ruby-yajl 1.1.0-1 MIGRATED to testing (Debian testing watch)
[2012-06-25] Accepted ruby-yajl 1.1.0-1 (source amd64) (Per Andersson) (signed by: Vincent Fourmond)
[2011-10-08] ruby-yajl 1.0.0-1 MIGRATED to testing (Debian testing watch)
[2011-09-27] Accepted ruby-yajl 1.0.0-1 (source amd64) (Praveen Arimbrathodiyil)
[2011-09-18] ruby-yajl 0.8.3-2 MIGRATED to testing (Debian testing watch)
[2011-09-07] Accepted ruby-yajl 0.8.3-2 (source amd64) (Antonio Terceiro)
[2011-09-06] Accepted ruby-yajl 0.8.3-1 (source amd64) (Praveen Arimbrathodiyil)

bugs [bug history graph]

all: 1
RC: 0
I&N: 1
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (0, 1)
buildd: logs, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.4.3-1build2