ruby-yajl - Debian Package Tracker

general

source: ruby-yajl (main)
version: 1.4.3-1
maintainer: Debian Ruby Team (archive) (DMD)
uploaders: Per Andersson [DMD] – Pirate Praveen [DMD] – Balasankar C [DMD]
arch: any
std-ver: 4.5.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.2.0-3
oldstable: 1.3.1-1
stable: 1.4.1-1
testing: 1.4.3-1
unstable: 1.4.3-1

versioned links

1.2.0-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.3.1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.4.1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.4.3-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

ruby-yajl

action needed

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 1.4.3-2, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit da09804c21034b15900c693ed48d984449c0a057
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Sat Sep 3 20:08:45 2022 +0000

    Update standards version to 4.6.1, no changes needed.
    
    Changes-By: lintian-brush
    Fixes: lintian: out-of-date-standards-version
    See-also: https://lintian.debian.org/tags/out-of-date-standards-version.html

Created: 2022-09-27 Last update: 2022-11-29 02:37

lintian reports 2 warnings normal

Lintian reports 2 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2022-08-27 Last update: 2022-09-23 16:05

1 low-priority security issue in bullseye low

There is 1 open security issue in bullseye.

1 issue left for the package maintainer to handle:

CVE-2022-24795: (needs triaging) yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of `yajl` contain an integer overflow which leads to subsequent heap memory corruption when dealing with large (~2GB) inputs. The reallocation logic at `yajl_buf.c#L64` may result in the `need` 32bit integer wrapping to 0 when `need` approaches a value of 0x80000000 (i.e. ~2GB of data), which results in a reallocation of buf->alloc into a small heap chunk. These integers are declared as `size_t` in the 2.x branch of `yajl`, which practically prevents the issue from triggering on 64bit platforms, however this does not preclude this issue triggering on 32bit builds on which `size_t` is a 32bit integer. Subsequent population of this under-allocated heap chunk is based on the original buffer size, leading to heap memory corruption. This vulnerability mostly impacts process availability. Maintainers believe exploitation for arbitrary code execution is unlikely. A patch is available and anticipated to be part of yajl-ruby version 1.4.2. As a workaround, avoid passing large inputs to YAJL.

You can find information about how to handle this issue in the security team's documentation.

Created: 2022-07-04 Last update: 2022-10-16 06:04

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.1 instead of 4.5.1).

Created: 2020-11-17 Last update: 2022-08-26 19:08

testing migrations

This package is part of the ongoing testing transition known as ruby3.1-default. Please avoid uploads unrelated to this transition, they would likely delay it and require supplementary work from the release managers. On the other hand, if your package has problems preventing it to migrate to testing, please fix them as soon as possible. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.

news

[rss feed]

[2022-09-04] ruby-yajl 1.4.3-1 MIGRATED to testing (Debian testing watch)
[2022-08-26] Accepted ruby-yajl 1.4.3-1 (source) into unstable (Ravi Dwivedi) (signed by: Praveen Arimbrathodiyil)
[2020-10-25] ruby-yajl 1.4.1-1 MIGRATED to testing (Debian testing watch)
[2020-10-25] ruby-yajl 1.4.1-1 MIGRATED to testing (Debian testing watch)
[2020-10-23] Accepted ruby-yajl 1.4.1-1 (source) into unstable (Abraham Raji) (signed by: Praveen Arimbrathodiyil)
[2020-07-19] ruby-yajl 1.3.1-2 MIGRATED to testing (Debian testing watch)
[2020-07-16] Accepted ruby-yajl 1.3.1-2 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-02-08] ruby-yajl 1.3.1-1 MIGRATED to testing (Debian testing watch)
[2018-02-02] Accepted ruby-yajl 1.3.1-1 (source amd64) into unstable (Lucas Kanashiro)
[2017-11-13] ruby-yajl 1.2.0-3.1 MIGRATED to testing (Debian testing watch)
[2017-11-08] Accepted ruby-yajl 1.1.0-2+deb7u1 (source amd64) into oldoldstable (Markus Koschany)
[2017-11-08] Accepted ruby-yajl 1.2.0-3.1 (source) into unstable (Salvatore Bonaccorso)
[2015-07-14] ruby-yajl 1.2.0-3 MIGRATED to testing (Britney)
[2015-07-08] Accepted ruby-yajl 1.2.0-3 (source) into unstable (Christian Hofstaedtler)
[2014-04-12] ruby-yajl 1.2.0-2 MIGRATED to testing (Debian testing watch)
[2014-04-06] Accepted ruby-yajl 1.2.0-2 (source amd64) (Per Andersson)
[2013-12-29] ruby-yajl 1.2.0-1 MIGRATED to testing (Debian testing watch)
[2013-12-19] Accepted ruby-yajl 1.2.0-1 (source amd64) (Cédric Boutillier)
[2013-04-23] ruby-yajl 1.1.0-2 MIGRATED to testing (Debian testing watch)
[2013-04-12] Accepted ruby-yajl 1.1.0-2 (source amd64) (Tollef Fog Heen)
[2012-07-06] ruby-yajl 1.1.0-1 MIGRATED to testing (Debian testing watch)
[2012-06-25] Accepted ruby-yajl 1.1.0-1 (source amd64) (Per Andersson) (signed by: Vincent Fourmond)
[2011-10-08] ruby-yajl 1.0.0-1 MIGRATED to testing (Debian testing watch)
[2011-09-27] Accepted ruby-yajl 1.0.0-1 (source amd64) (Praveen Arimbrathodiyil)
[2011-09-18] ruby-yajl 0.8.3-2 MIGRATED to testing (Debian testing watch)
[2011-09-07] Accepted ruby-yajl 0.8.3-2 (source amd64) (Antonio Terceiro)
[2011-09-06] Accepted ruby-yajl 0.8.3-1 (source amd64) (Praveen Arimbrathodiyil)

bugs [bug history graph]

all: 1
RC: 0
I&N: 1
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (0, 2)
buildd: logs, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.4.3-1