nsis - Debian Package Tracker

general

source: nsis (main)
version: 3.11-1
maintainer: Thomas Gaugler (DMD)
arch: all any
std-ver: 4.7.2
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 3.06.1-1
o-o-sec: 3.06.1-1+deb11u1
oldstable: 3.08-3+deb12u1
stable: 3.11-1
testing: 3.11-1
unstable: 3.11-1

versioned links

3.06.1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.06.1-1+deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.08-3+deb12u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.11-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

nsis (6 bugs: 0, 4, 2, 0)
nsis-common
nsis-doc
nsis-pluginapi

action needed

A new upstream version is available: 3.12 high

A new upstream version 3.12 is available, you should consider packaging it.

Created: 2026-04-23 Last update: 2026-04-25 23:02

2 security issues in bookworm high

There are 2 open security issues in bookworm.

1 important issue:

CVE-2026-42171: NSIS (Nullsoft Scriptable Install System) 3.06.1 before 3.12 sometimes uses the Low IL temp directory when executing as SYSTEM, allowing local attackers to gain privileges (if they can cause my_GetTempFileName to return 0, as shown in the references).

1 issue left for the package maintainer to handle:

CVE-2025-43715: (needs triaging) Nullsoft Scriptable Install System (NSIS) before 3.11 on Windows allows local users to escalate privileges to SYSTEM during an installation, because the temporary plugins directory is created under %WINDIR%\temp and unprivileged users can place a crafted executable file by winning a race condition. This occurs because EW_CREATEDIR does not always set the CreateRestrictedDirectory error flag.

You can find information about how to handle this issue in the security team's documentation.

Created: 2025-04-18 Last update: 2026-04-25 11:30

1 security issue in trixie high

There is 1 open security issue in trixie.

1 important issue:

CVE-2026-42171: NSIS (Nullsoft Scriptable Install System) 3.06.1 before 3.12 sometimes uses the Low IL temp directory when executing as SYSTEM, allowing local attackers to gain privileges (if they can cause my_GetTempFileName to return 0, as shown in the references).

Created: 2026-04-25 Last update: 2026-04-25 11:30

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2026-42171: NSIS (Nullsoft Scriptable Install System) 3.06.1 before 3.12 sometimes uses the Low IL temp directory when executing as SYSTEM, allowing local attackers to gain privileges (if they can cause my_GetTempFileName to return 0, as shown in the references).

Created: 2026-04-25 Last update: 2026-04-25 11:30

1 security issue in forky high

There is 1 open security issue in forky.

1 important issue:

CVE-2026-42171: NSIS (Nullsoft Scriptable Install System) 3.06.1 before 3.12 sometimes uses the Low IL temp directory when executing as SYSTEM, allowing local attackers to gain privileges (if they can cause my_GetTempFileName to return 0, as shown in the references).

Created: 2026-04-25 Last update: 2026-04-25 11:30

2 security issues in bullseye high

There are 2 open security issues in bullseye.

1 important issue:

CVE-2026-42171: NSIS (Nullsoft Scriptable Install System) 3.06.1 before 3.12 sometimes uses the Low IL temp directory when executing as SYSTEM, allowing local attackers to gain privileges (if they can cause my_GetTempFileName to return 0, as shown in the references).

1 issue postponed or untriaged:

CVE-2025-43715: (postponed; to be fixed through a stable update) Nullsoft Scriptable Install System (NSIS) before 3.11 on Windows allows local users to escalate privileges to SYSTEM during an installation, because the temporary plugins directory is created under %WINDIR%\temp and unprivileged users can place a crafted executable file by winning a race condition. This occurs because EW_CREATEDIR does not always set the CreateRestrictedDirectory error flag.

Created: 2026-04-25 Last update: 2026-04-25 11:30

Depends on packages which need a new maintainer normal

The packages that nsis depends on which need a new maintainer are:

docbook-xsl (#802370)
- Build-Depends: docbook-xsl-ns
docbook5-xml (#802377)
- Build-Depends: docbook5-xml

Created: 2019-11-22 Last update: 2026-04-26 02:02

lintian reports 1 warning normal

Lintian reports 1 warning about this package. You should make the package lintian clean getting rid of them.

Created: 2025-04-10 Last update: 2025-04-10 00:31

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.4 instead of 4.7.2).

Created: 2025-12-23 Last update: 2026-03-31 15:01

news

[rss feed]

[2025-04-07] nsis 3.11-1 MIGRATED to testing (Debian testing watch)
[2025-04-02] Accepted nsis 3.11-1 (source) into unstable (Thomas Gaugler) (signed by: Didier 'OdyX' Raboud)
[2024-09-04] Accepted nsis 3.06.1-1+deb11u1 (source) into oldstable-security (Daniel Leidert)
[2024-06-17] Accepted nsis 3.08-3+deb12u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Didier 'OdyX' Raboud)
[2024-05-04] nsis 3.10-2 MIGRATED to testing (Debian testing watch)
[2024-04-29] Accepted nsis 3.10-2 (source) into unstable (Thomas Gaugler) (signed by: Didier 'OdyX' Raboud)
[2024-04-14] nsis 3.10-1 MIGRATED to testing (Debian testing watch)
[2024-04-09] Accepted nsis 3.10-1 (source) into unstable (Thomas Gaugler) (signed by: Didier 'OdyX' Raboud)
[2024-03-02] Accepted nsis 3.09-4 (source) into unstable (Thomas Gaugler) (signed by: Didier 'OdyX' Raboud)
[2024-02-02] nsis 3.09-3 MIGRATED to testing (Debian testing watch)
[2024-01-28] Accepted nsis 3.09-3 (source) into unstable (Thomas Gaugler) (signed by: Didier 'OdyX' Raboud)
[2024-01-08] Accepted nsis 3.09-2 (source) into unstable (Thomas Gaugler) (signed by: Didier 'OdyX' Raboud)
[2023-07-25] nsis 3.09-1 MIGRATED to testing (Debian testing watch)
[2023-07-20] Accepted nsis 3.09-1 (source) into unstable (Thomas Gaugler) (signed by: Didier 'OdyX' Raboud)
[2023-07-07] Accepted nsis 3.04-1+deb9u1 (source) into oldoldstable (Sean Whitton)
[2022-08-20] nsis 3.08-3 MIGRATED to testing (Debian testing watch)
[2022-08-15] Accepted nsis 3.08-3 (source) into unstable (Thomas Gaugler) (signed by: Didier 'OdyX' Raboud)
[2021-12-07] nsis 3.08-2 MIGRATED to testing (Debian testing watch)
[2021-12-05] Accepted nsis 3.08-2 (source) into unstable (Thomas Gaugler) (signed by: Paul Wise)
[2021-11-03] nsis 3.08-1 MIGRATED to testing (Debian testing watch)
[2021-11-01] Accepted nsis 3.08-1 (source) into unstable (Thomas Gaugler) (signed by: Paul Wise)
[2021-09-03] nsis 3.07-1 MIGRATED to testing (Debian testing watch)
[2021-09-01] Accepted nsis 3.07-1 (source) into unstable (Thomas Gaugler) (signed by: Didier 'OdyX' Raboud)
[2020-09-01] nsis 3.06.1-1 MIGRATED to testing (Debian testing watch)
[2020-08-29] Accepted nsis 3.06.1-1 (source) into unstable (Thomas Gaugler) (signed by: Didier 'OdyX' Raboud)
[2020-08-09] nsis 3.05-4 MIGRATED to testing (Debian testing watch)
[2020-08-06] Accepted nsis 3.05-4 (source) into unstable (Didier Raboud) (signed by: Didier 'OdyX' Raboud)
[2020-07-06] nsis 3.05-3 MIGRATED to testing (Debian testing watch)
[2020-07-03] Accepted nsis 3.05-3 (source) into unstable (Didier Raboud) (signed by: Didier 'OdyX' Raboud)
[2020-04-03] nsis 3.05-2 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 7
RC: 0
I&N: 5
M&W: 2
F&P: 0
patch: 0

links

homepage
lintian (0, 1)
buildd: logs, reproducibility, cross
popcon
browse source code
other distros
security tracker
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 3.10-2ubuntu2
2 bugs