libmodbus - Debian Package Tracker

general

source: libmodbus (main)
version: 3.1.11-2
maintainer: SZ Lin (林上智) (DMD)
uploaders: Ivo De Decker [DMD]
arch: any
std-ver: 4.7.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 3.1.4-2+deb10u1
o-o-sec: 3.1.4-2+deb10u2
oldstable: 3.1.6-2
stable: 3.1.6-2.1
testing: 3.1.11-2
unstable: 3.1.11-2

versioned links

3.1.4-2+deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.1.4-2+deb10u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.1.6-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.1.6-2.1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.1.11-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libmodbus-dev
libmodbus5

action needed

5 security issues in bullseye high

There are 5 open security issues in bullseye.

1 important issue:

CVE-2024-10918: Stack-based Buffer Overflow vulnerability in libmodbus v3.1.10 allows to overflow the buffer allocated for the Modbus response if the function tries to reply to a Modbus request with an unexpected length.

4 issues postponed or untriaged:

CVE-2022-0367: (needs triaging) A heap-based buffer overflow flaw was found in libmodbus in function modbus_reply() in src/modbus.c.
CVE-2024-36843: (needs triaging) libmodbus v3.1.6 was discovered to contain a heap overflow via the modbus_mapping_free() function.
CVE-2024-36844: (needs triaging) libmodbus v3.1.6 was discovered to contain a use-after-free via the ctx->backend pointer. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message sent to the unit-test-server.
CVE-2024-36845: (needs triaging) An invalid pointer in the modbus_receive() function of libmodbus v3.1.6 allows attackers to cause a Denial of Service (DoS) via a crafted message sent to the unit-test-server.

Created: 2025-02-27 Last update: 2025-02-28 05:02

4 security issues in bookworm high

There are 4 open security issues in bookworm.

1 important issue:

CVE-2024-10918: Stack-based Buffer Overflow vulnerability in libmodbus v3.1.10 allows to overflow the buffer allocated for the Modbus response if the function tries to reply to a Modbus request with an unexpected length.

3 issues left for the package maintainer to handle:

CVE-2024-36843: (needs triaging) libmodbus v3.1.6 was discovered to contain a heap overflow via the modbus_mapping_free() function.
CVE-2024-36844: (needs triaging) libmodbus v3.1.6 was discovered to contain a use-after-free via the ctx->backend pointer. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message sent to the unit-test-server.
CVE-2024-36845: (needs triaging) An invalid pointer in the modbus_receive() function of libmodbus v3.1.6 allows attackers to cause a Denial of Service (DoS) via a crafted message sent to the unit-test-server.

You can find information about how to handle these issues in the security team's documentation.

Created: 2024-05-02 Last update: 2025-02-28 05:02

Fails to build during reproducibility testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2025-02-07 Last update: 2025-03-01 05:03

debian/patches: 3 patches to forward upstream low

Among the 3 debian patches available in version 3.1.11-2 of the package, we noticed the following issues:

3 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2025-01-24 Last update: 2025-02-03 12:00

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.2 instead of 4.7.0).

Created: 2025-02-21 Last update: 2025-02-27 13:25

news

[rss feed]

[2025-02-07] libmodbus 3.1.11-2 MIGRATED to testing (Debian testing watch)
[2025-02-02] Accepted libmodbus 3.1.11-2 (source) into unstable (SZ Lin (林上智)) (signed by: SZ Lin)
[2025-01-23] Accepted libmodbus 3.1.11-1 (source) into unstable (SZ Lin (林上智)) (signed by: SZ Lin)
[2024-05-21] libmodbus 3.1.10-2 MIGRATED to testing (Debian testing watch)
[2024-05-19] Accepted libmodbus 3.1.10-2 (source) into unstable (SZ Lin (林上智)) (signed by: SZ Lin)
[2023-10-08] libmodbus 3.1.10-1 MIGRATED to testing (Debian testing watch)
[2023-10-04] Accepted libmodbus 3.1.10-1 (source) into unstable (SZ Lin (林上智)) (signed by: SZ Lin)
[2022-10-20] libmodbus 3.1.6-2.1 MIGRATED to testing (Debian testing watch)
[2022-10-18] Accepted libmodbus 3.1.6-2.1 (source) into unstable (Adrian Bunk)
[2022-09-04] Accepted libmodbus 3.1.4-2+deb10u2 (source) into oldstable (Markus Koschany)
[2021-12-24] Accepted libmodbus 3.1.4-2+deb10u1 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Debian FTP Masters) (signed by: Thorsten Alteholz)
[2021-11-22] Accepted libmodbus 3.0.6-2+deb9u1 (source amd64) into oldoldstable (Thorsten Alteholz)
[2020-02-28] Accepted libmodbus 3.1.6-2~bpo10+2 (source) into buster-backports (Martin) (signed by: W. Martin Borgert)
[2020-02-25] Accepted libmodbus 3.1.6-2~bpo10+1 (source amd64) into buster-backports, buster-backports (Martin) (signed by: W. Martin Borgert)
[2019-12-11] libmodbus 3.1.6-2 MIGRATED to testing (Debian testing watch)
[2019-12-09] Accepted libmodbus 3.1.6-2 (source) into unstable (SZ Lin (林上智)) (signed by: SZ Lin)
[2019-08-30] libmodbus 3.1.6-1 MIGRATED to testing (Debian testing watch)
[2019-08-27] Accepted libmodbus 3.1.6-1 (source) into unstable (SZ Lin (林上智)) (signed by: SZ Lin)
[2018-12-26] libmodbus 3.1.4-2 MIGRATED to testing (Debian testing watch)
[2018-12-21] Accepted libmodbus 3.1.4-2 (source amd64) into unstable (SZ Lin (林上智)) (signed by: SZ Lin)
[2018-12-01] Accepted libmodbus 3.1.4-1 (source amd64) into unstable (SZ Lin (林上智)) (signed by: SZ Lin)
[2016-12-06] libmodbus 3.0.6-2 MIGRATED to testing (Debian testing watch)
[2016-11-30] Accepted libmodbus 3.0.6-2 (source) into unstable (Ivo De Decker)
[2014-10-29] libmodbus 3.0.6-1 MIGRATED to testing (Britney)
[2014-10-18] Accepted libmodbus 3.0.6-1 (source amd64) into unstable (Ivo De Decker)
[2013-10-18] libmodbus 3.0.5-1 MIGRATED to testing (Debian testing watch)
[2013-10-07] Accepted libmodbus 3.0.5-1 (source amd64) (Ivo De Decker)
[2013-07-12] libmodbus 3.0.4-1 MIGRATED to testing (Debian testing watch)
[2013-06-30] Accepted libmodbus 3.0.4-1 (source amd64) (Ivo De Decker)
[2013-05-24] libmodbus 3.0.3-4 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 1
RC: 0
I&N: 1
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian
buildd: logs, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 3.1.11-2