dpkg - Debian Package Tracker

general

source: dpkg (main)
version: 1.23.7
maintainer: Dpkg Developers (archive) (DMD)
uploaders: Guillem Jover [DMD]
arch: all any
std-ver: 4.7.3
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.20.13
o-o-sec: 1.20.10
oldstable: 1.21.22
stable: 1.22.22
stable-p-u: 1.22.22
testing: 1.23.7
unstable: 1.23.7

versioned links

1.20.10: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.20.13: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.21.22: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.22.22: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.23.7: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

dpkg (359 bugs: 0, 134, 225, 0)
dpkg-dev (151 bugs: 0, 46, 105, 0)
dselect (87 bugs: 0, 30, 57, 0)
libdpkg-dev (2 bugs: 0, 0, 2, 0)
libdpkg-perl (12 bugs: 0, 5, 7, 0)

action needed

26 bugs tagged patch in the BTS normal

The BTS contains patches fixing 26 bugs (34 if counting merged bugs), consider including or untagging them.

Created: 2025-01-06 Last update: 2026-03-14 16:00

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 1.23.8, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit 84236bafefdf9aee6494dc4cd837a7b4055e2775
Author: Guillem Jover <guillem@debian.org>
Date:   Tue Mar 10 13:11:19 2026 +0100

    libdpkg: Update suppressions for cppcheck 2.20.0
    
    The new version generates a couple of new false positive, suppress them.
    
    Warned-by: cppcheck

commit 9f22b74c0db0052f01c0394f445c6651a75bfe6d
Author: Guillem Jover <guillem@debian.org>
Date:   Tue Mar 10 13:10:00 2026 +0100

    src, lib: Reduce variables scope
    
    Warned-by: cppcheck 2.20.0
    Changelog: internal

commit 839df8f9226bac8455ee23014c179c17d812ae50
Author: Guillem Jover <guillem@debian.org>
Date:   Mon Mar 9 02:25:25 2026 +0100

    scripts: Do not fail on empty Maintainer field from parsed changelog
    
    While this is invalid syntax (according to the documentation), we have
    accepted these kinds of entries up to now, and this was an unintentional
    change. Modify the code to handle them for now, while there's discussion
    on how to improve the notion of unfinalized changelog entries.
    
    Fixes: commit 37cf54ce95bf274278b2eeb47a49a4b3b3840612
    Closes: #1130119

commit 3cb9b55946b01028760b9988ee9fdfc1f9934ce7
Author: Guillem Jover <guillem@debian.org>
Date:   Sat Mar 7 01:01:02 2026 +0100

    Bump version to 1.23.8

Created: 2023-02-08 Last update: 2026-03-14 11:33

2 low-priority security issues in bookworm low

There are 2 open security issues in bookworm.

2 issues left for the package maintainer to handle:

CVE-2025-6297: (needs triaging) It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a DoS scenario due to causing disk quota exhaustion or disk full conditions.
CVE-2026-2219: (needs triaging) It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service (infinite loop spinning the CPU).

You can find information about how to handle these issues in the security team's documentation.

Created: 2025-06-30 Last update: 2026-03-14 14:00

news

[rss feed]

[2026-03-09] dpkg 1.23.7 MIGRATED to testing (Debian testing watch)
[2026-03-07] Accepted dpkg 1.22.22 (source) into proposed-updates (Debian FTP Masters) (signed by: Guillem Jover)
[2026-03-07] Accepted dpkg 1.23.7 (source) into unstable (Guillem Jover)
[2026-03-05] Accepted dpkg 1.23.6 (source) into unstable (Guillem Jover)
[2026-01-25] dpkg 1.23.5 MIGRATED to testing (Debian testing watch)
[2026-01-23] Accepted dpkg 1.23.5 (source) into unstable (Guillem Jover)
[2026-01-18] Accepted dpkg 1.23.4 (source) into unstable (Guillem Jover)
[2026-01-08] dpkg 1.23.3 MIGRATED to testing (Debian testing watch)
[2025-12-20] Accepted dpkg 1.23.3 (source) into unstable (Guillem Jover)
[2025-12-18] Accepted dpkg 1.23.2 (source) into unstable (Guillem Jover)
[2025-12-17] Accepted dpkg 1.23.1 (source) into unstable (Guillem Jover)
[2025-12-16] Accepted dpkg 1.23.0 (source) into unstable (Guillem Jover)
[2025-07-09] dpkg 1.22.21 MIGRATED to testing (Debian testing watch)
[2025-07-02] Accepted dpkg 1.22.21 (source) into unstable (Guillem Jover)
[2025-06-10] dpkg 1.22.20 MIGRATED to testing (Debian testing watch)
[2025-06-04] Accepted dpkg 1.22.20 (source) into unstable (Guillem Jover)
[2025-05-30] dpkg 1.22.19 MIGRATED to testing (Debian testing watch)
[2025-05-18] Accepted dpkg 1.22.19 (source) into unstable (Guillem Jover)
[2025-03-14] dpkg 1.22.18 MIGRATED to testing (Debian testing watch)
[2025-03-09] Accepted dpkg 1.22.18 (source) into unstable (Guillem Jover)
[2025-03-07] Accepted dpkg 1.22.17 (source) into unstable (Guillem Jover)
[2025-03-07] Accepted dpkg 1.22.16 (source) into unstable (Guillem Jover)
[2025-02-10] dpkg 1.22.15 MIGRATED to testing (Debian testing watch)
[2025-02-04] dpkg 1.22.14 MIGRATED to testing (Debian testing watch)
[2025-02-03] Accepted dpkg 1.22.15 (source) into unstable (Guillem Jover)
[2025-01-16] Accepted dpkg 1.22.14 (source) into unstable (Guillem Jover)
[2025-01-03] Accepted dpkg 1.22.13 (source) into unstable (Guillem Jover)
[2025-01-01] Accepted dpkg 1.22.12 (source) into unstable (Guillem Jover)
[2024-08-04] dpkg 1.22.11 MIGRATED to testing (Debian testing watch)
[2024-08-01] Accepted dpkg 1.22.11 (source) into unstable (Guillem Jover)

bugs [bug history graph]

all: 478 616
RC: 0
I&N: 170 216
M&W: 306 398
F&P: 2
patch: 26 34

links

homepage
lintian
buildd: logs, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots
l10n (47, 65)
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.22.21ubuntu9
468 bugs (7 patches)
patches for 1.22.21ubuntu9