burp - Debian Package Tracker

general

source: burp (main)
version: 3.1.4-3.1
maintainer: Calogero Lo Leggio (DMD)
uploaders: Christoph Martin [DMD]
arch: any
std-ver: 4.6.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 2.1.32-2
o-o-sec: 2.1.32-2+deb10u1
oldstable: 2.2.18-8
stable: 3.1.4-1
unstable: 3.1.4-3.1

versioned links

2.1.32-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.1.32-2+deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.2.18-8: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.1.4-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.1.4-3.1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

burp (2 bugs: 0, 2, 0, 0)

action needed

lintian reports 1 error and 13 warnings high

Lintian reports 1 error and 13 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2023-12-21 Last update: 2024-03-01 12:02

The package has not entered testing even though the delay is over normal

The package has not entered testing even though the 5-day delay is over. Check why.

Created: 2025-01-22 Last update: 2025-02-22 06:32

1 bug tagged patch in the BTS normal

The BTS contains patches fixing 1 bug, consider including or untagging them.

Created: 2025-02-12 Last update: 2025-02-22 06:30

2 new commits since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit 18fe6df356c61397c67b05ff5645c41c55e0e768
Merge: 34524d4 da401f2
Author: Calogero Lo Leggio <kalos@nerdrug.org>
Date:   Wed Feb 12 20:19:16 2025 +0000

    Merge branch 'debian' into 'debian'
    
    Fix time_t transition leftover
    
    See merge request debian/burp!4

commit da401f24975d92bead206a29231ce561f4d912b6
Author: Moritz Schlarb <schlarbm@uni-mainz.de>
Date:   Wed Feb 12 21:08:23 2025 +0100

    Fix time_t transition leftover
    
    Closes: #1091240

Created: 2025-02-12 Last update: 2025-02-17 22:34

2 low-priority security issues in bookworm low

There are 2 open security issues in bookworm.

2 issues left for the package maintainer to handle:

CVE-2017-16516: (needs triaging) In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajl_string_decode function in yajl_encode.c. This results in the whole ruby process terminating and potentially a denial of service.
CVE-2022-24795: (needs triaging) yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of `yajl` contain an integer overflow which leads to subsequent heap memory corruption when dealing with large (~2GB) inputs. The reallocation logic at `yajl_buf.c#L64` may result in the `need` 32bit integer wrapping to 0 when `need` approaches a value of 0x80000000 (i.e. ~2GB of data), which results in a reallocation of buf->alloc into a small heap chunk. These integers are declared as `size_t` in the 2.x branch of `yajl`, which practically prevents the issue from triggering on 64bit platforms, however this does not preclude this issue triggering on 32bit builds on which `size_t` is a 32bit integer. Subsequent population of this under-allocated heap chunk is based on the original buffer size, leading to heap memory corruption. This vulnerability mostly impacts process availability. Maintainers believe exploitation for arbitrary code execution is unlikely. A patch is available and anticipated to be part of yajl-ruby version 1.4.2. As a workaround, avoid passing large inputs to YAJL.

You can find information about how to handle these issues in the security team's documentation.

Created: 2023-07-22 Last update: 2025-02-19 11:55

debian/patches: 2 patches to forward upstream low

Among the 5 debian patches available in version 3.1.4-3.1 of the package, we noticed the following issues:

2 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-09-04 Last update: 2023-12-21 10:09

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.1 instead of 4.6.0).

Created: 2022-05-11 Last update: 2025-02-21 04:28

testing migrations

excuses:
- Migration status for burp (- to 3.1.4-3.1): BLOCKED: Rejected/violates migration policy/introduces a regression
- Issues preventing migration:
- ∙ ∙ Updating burp would introduce bugs in testing: #1091240
- ∙ ∙ autopkgtest for burp/3.1.4-3.1: amd64: Pass, arm64: Pass, armel: Regression or new test ♻, armhf: Regression or new test ♻, i386: Pass, ppc64el: Pass, riscv64: Pass, s390x: Pass
- Additional info:
- ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/b/burp.html
- ∙ ∙ Reproducible on amd64 - info ♻
- ∙ ∙ Reproducible on arm64 - info ♻
- ∙ ∙ Reproducible on i386 - info ♻
- ∙ ∙ 429 days old (needed 5 days)
- Not considered

news

[rss feed]

[2025-01-23] burp REMOVED from testing (Debian testing watch)
[2023-12-24] burp 3.1.4-3.1 MIGRATED to testing (Debian testing watch)
[2023-12-20] Accepted burp 3.1.4-3.1 (source) into unstable (Jérémy Lal)
[2023-09-06] burp 3.1.4-3 MIGRATED to testing (Debian testing watch)
[2023-09-04] Accepted burp 3.1.4-3 (source) into unstable (Christoph Martin)
[2023-08-05] Accepted burp 2.1.32-2+deb10u1 (source) into oldoldstable (Sean Whitton)
[2022-12-15] burp 3.1.4-1 MIGRATED to testing (Debian testing watch)
[2022-12-12] Accepted burp 3.1.4-1 (source) into unstable (Calogero Lo Leggio) (signed by: Christoph Martin)
[2022-07-06] burp REMOVED from testing (Debian testing watch)
[2021-11-21] burp 2.4.0-3 MIGRATED to testing (Debian testing watch)
[2021-11-18] Accepted burp 2.4.0-3 (source) into unstable (Calogero Lo Leggio) (signed by: Christoph Martin)
[2020-06-10] burp 2.2.18-8 MIGRATED to testing (Debian testing watch)
[2020-06-08] burp 2.2.18-7 MIGRATED to testing (Debian testing watch)
[2020-06-07] Accepted burp 2.2.18-8 (source) into unstable (Calogero Lo Leggio) (signed by: Christoph Martin)
[2020-06-05] Accepted burp 2.2.18-7 (source) into unstable (Calogero Lo Leggio) (signed by: Christoph Martin)
[2019-08-07] burp 2.2.18-2 MIGRATED to testing (Debian testing watch)
[2019-08-05] Accepted burp 2.2.18-2 (source) into unstable (Calogero Lo Leggio) (signed by: Christoph Martin)
[2019-08-05] burp 2.2.18-1 MIGRATED to testing (Debian testing watch)
[2019-08-02] Accepted burp 2.2.18-1 (source) into unstable (Calogero Lo Leggio) (signed by: Christoph Martin)
[2019-01-16] burp 2.1.32-2 MIGRATED to testing (Debian testing watch)
[2019-01-11] Accepted burp 2.1.32-2 (source amd64) into unstable (Calogero Lo Leggio) (signed by: Christoph Martin)
[2019-01-07] Accepted burp 2.1.32-1 (source amd64) into unstable (Calogero Lo Leggio (kalos)) (signed by: Christoph Martin)
[2018-09-20] burp 2.1.30-1 MIGRATED to testing (Debian testing watch)
[2018-09-14] Accepted burp 2.1.30-1 (source amd64) into unstable (Calogero Lo Leggio (kalos)) (signed by: Christoph Martin)
[2017-12-08] Accepted burp 2.0.54-4 (source amd64) into unstable (Calogero Lo Leggio (kalos)) (signed by: Christoph Martin)
[2017-01-24] Accepted burp 2.0.54-1~bpo8+1 (source amd64) into jessie-backports (Christoph Martin)
[2017-01-22] burp 2.0.54-1 MIGRATED to testing (Debian testing watch)
[2017-01-11] Accepted burp 2.0.54-1 (source amd64) into unstable (Calogero Lo Leggio (kalos)) (signed by: Christoph Martin)
[2017-01-10] burp 2.0.52-1 MIGRATED to testing (Debian testing watch)
[2016-12-30] Accepted burp 2.0.52-1 (source amd64) into unstable (Christoph Martin)

bugs [bug history graph]

all: 5
RC: 1
I&N: 4
M&W: 0
F&P: 0
patch: 1

links

homepage
lintian (1, 13)
buildd: logs, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 3.1.4-3.1build3
1 bug