onnx - Debian Package Tracker

general

source: onnx (main)
version: 1.20.0-4
maintainer: Debian Deep Learning Team (archive) (DMD)
uploaders: Mo Zhou [DMD]
arch: all any
std-ver: 4.7.3
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.7.0+dfsg-3
oldstable: 1.12.0-2
stable: 1.17.0-3
testing: 1.20.0-4
unstable: 1.20.0-4

versioned links

1.7.0+dfsg-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.12.0-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.17.0-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.20.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.20.0-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libonnx-dev
libonnx-testdata
libonnx1l
python3-onnx

action needed

A new upstream version is available: 1.20.1 high

A new upstream version 1.20.1 is available, you should consider packaging it.

Created: 2025-11-26 Last update: 2026-03-23 07:00

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2026-28500: Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. In versions up to and including 1.20.1, a security control bypass exists in onnx.hub.load() due to improper logic in the repository trust verification mechanism. While the function is designed to warn users when loading models from non-official sources, the use of the silent=True parameter completely suppresses all security warnings and confirmation prompts. This vulnerability transforms a standard model-loading function into a vector for Zero-Interaction Supply-Chain Attacks. When chained with file-system vulnerabilities, an attacker can silently exfiltrate sensitive files (SSH keys, cloud credentials) from the victim's machine the moment the model is loaded. As of time of publication, no known patched versions are available.

Created: 2026-03-18 Last update: 2026-03-18 21:17

1 security issue in forky high

There is 1 open security issue in forky.

1 important issue:

CVE-2026-28500: Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. In versions up to and including 1.20.1, a security control bypass exists in onnx.hub.load() due to improper logic in the repository trust verification mechanism. While the function is designed to warn users when loading models from non-official sources, the use of the silent=True parameter completely suppresses all security warnings and confirmation prompts. This vulnerability transforms a standard model-loading function into a vector for Zero-Interaction Supply-Chain Attacks. When chained with file-system vulnerabilities, an attacker can silently exfiltrate sensitive files (SSH keys, cloud credentials) from the victim's machine the moment the model is loaded. As of time of publication, no known patched versions are available.

Created: 2026-03-18 Last update: 2026-03-18 21:17

2 security issues in bullseye high

There are 2 open security issues in bullseye.

1 important issue:

CVE-2026-28500: Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. In versions up to and including 1.20.1, a security control bypass exists in onnx.hub.load() due to improper logic in the repository trust verification mechanism. While the function is designed to warn users when loading models from non-official sources, the use of the silent=True parameter completely suppresses all security warnings and confirmation prompts. This vulnerability transforms a standard model-loading function into a vector for Zero-Interaction Supply-Chain Attacks. When chained with file-system vulnerabilities, an attacker can silently exfiltrate sensitive files (SSH keys, cloud credentials) from the victim's machine the moment the model is loaded. As of time of publication, no known patched versions are available.

1 issue postponed or untriaged:

CVE-2024-7776: (postponed; to be fixed through a stable update) A vulnerability in the `download_model` function of the onnx/onnx framework, before and including version 1.16.1, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability can be exploited by an attacker to overwrite files in the user's directory, potentially leading to remote command execution.

Created: 2026-03-18 Last update: 2026-03-18 21:17

1 new commit since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit 51997ac1e997cbf9e70af32164937469f5097b5d
Author: Dylan Aïssi <dylan.aissi@collabora.com>
Date:   Sun Jan 18 21:36:06 2026 +0100

    Add new autopkgtest creating a dummy neural network with pytorch
    
    This is the first step of onnxruntime autopkgtests which is currently
    failing.
    
    Signed-off-by: Dylan Aïssi <dylan.aissi@collabora.com>

Created: 2026-03-18 Last update: 2026-03-18 11:01

lintian reports 3 warnings normal

Lintian reports 3 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2026-03-16 Last update: 2026-03-16 13:01

1 low-priority security issue in trixie low

There is 1 open security issue in trixie.

1 issue left for the package maintainer to handle:

CVE-2026-28500: (needs triaging) Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. In versions up to and including 1.20.1, a security control bypass exists in onnx.hub.load() due to improper logic in the repository trust verification mechanism. While the function is designed to warn users when loading models from non-official sources, the use of the silent=True parameter completely suppresses all security warnings and confirmation prompts. This vulnerability transforms a standard model-loading function into a vector for Zero-Interaction Supply-Chain Attacks. When chained with file-system vulnerabilities, an attacker can silently exfiltrate sensitive files (SSH keys, cloud credentials) from the victim's machine the moment the model is loaded. As of time of publication, no known patched versions are available.

You can find information about how to handle this issue in the security team's documentation.

Created: 2026-03-18 Last update: 2026-03-18 21:17

2 low-priority security issues in bookworm low

There are 2 open security issues in bookworm.

2 issues left for the package maintainer to handle:

CVE-2024-7776: (needs triaging) A vulnerability in the `download_model` function of the onnx/onnx framework, before and including version 1.16.1, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability can be exploited by an attacker to overwrite files in the user's directory, potentially leading to remote command execution.
CVE-2026-28500: (needs triaging) Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. In versions up to and including 1.20.1, a security control bypass exists in onnx.hub.load() due to improper logic in the repository trust verification mechanism. While the function is designed to warn users when loading models from non-official sources, the use of the silent=True parameter completely suppresses all security warnings and confirmation prompts. This vulnerability transforms a standard model-loading function into a vector for Zero-Interaction Supply-Chain Attacks. When chained with file-system vulnerabilities, an attacker can silently exfiltrate sensitive files (SSH keys, cloud credentials) from the victim's machine the moment the model is loaded. As of time of publication, no known patched versions are available.

You can find information about how to handle these issues in the security team's documentation.

Created: 2024-06-07 Last update: 2026-03-18 21:17

debian/patches: 3 patches to forward upstream low

Among the 3 debian patches available in version 1.20.0-4 of the package, we noticed the following issues:

3 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-02-26 Last update: 2026-03-16 08:03

testing migrations

This package will soon be part of the auto-protobuf transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.

news

[rss feed]

[2026-03-18] onnx 1.20.0-4 MIGRATED to testing (Debian testing watch)
[2026-03-15] Accepted onnx 1.20.0-4 (source) into unstable (Dylan Aïssi)
[2026-03-11] Accepted onnx 1.20.0-3 (source amd64 all) into experimental (Debian FTP Masters) (signed by: Dylan Aïssi)
[2026-01-12] Accepted onnx 1.20.0-1 (source) into unstable (Shengqi Chen)
[2026-01-09] Accepted onnx 1.20.0-1~exp1 (source) into experimental (Shengqi Chen)
[2025-10-23] Accepted onnx 1.19.1-1~exp1 (source) into experimental (Shengqi Chen)
[2025-02-02] onnx 1.17.0-3 MIGRATED to testing (Debian testing watch)
[2025-01-30] Accepted onnx 1.17.0-3 (source) into unstable (Mo Zhou)
[2025-01-23] Accepted onnx 1.17.0-2 (source) into unstable (Mo Zhou)
[2025-01-20] Accepted onnx 1.17.0-1 (source) into experimental (Mo Zhou)
[2024-10-18] onnx 1.16.2-1 MIGRATED to testing (Debian testing watch)
[2024-09-27] Accepted onnx 1.16.2-1 (source) into unstable (Mo Zhou)
[2024-07-14] Accepted onnx 1.16.1-1 (source) into experimental (Mo Zhou)
[2024-05-03] onnx 1.14.1-2.1 MIGRATED to testing (Debian testing watch)
[2024-03-16] onnx REMOVED from testing (Debian testing watch)
[2024-02-29] Accepted onnx 1.14.1-2.1 (source) into unstable (Benjamin Drung)
[2024-02-03] Accepted onnx 1.14.1-2.1~exp1 (source) into experimental (Lucas Kanashiro)
[2024-01-15] onnx 1.14.1-2 MIGRATED to testing (Debian testing watch)
[2024-01-01] Accepted onnx 1.14.1-2 (source) into unstable (Mo Zhou)
[2023-12-30] Accepted onnx 1.14.1-1 (source) into experimental (Mo Zhou)
[2023-09-13] onnx 1.13.1-3 MIGRATED to testing (Debian testing watch)
[2023-09-11] Accepted onnx 1.13.1-3 (source) into unstable (Mo Zhou)
[2023-09-10] Accepted onnx 1.13.1-2 (source) into unstable (Mo Zhou)
[2023-08-20] Accepted onnx 1.13.1-1 (source) into unstable (Mo Zhou)
[2022-07-13] onnx 1.12.0-2 MIGRATED to testing (Debian testing watch)
[2022-07-08] Accepted onnx 1.12.0-2 (source) into unstable (Mo Zhou)
[2022-07-08] onnx 1.12.0-1 MIGRATED to testing (Debian testing watch)
[2022-06-26] Accepted onnx 1.12.0-1 (source) into unstable (Mo Zhou)
[2022-06-24] Accepted onnx 1.12.0-1~exp1 (source) into experimental (Mo Zhou)
[2022-06-15] onnx REMOVED from testing (Debian testing watch)

bugs [bug history graph]

all: 1
RC: 0
I&N: 1
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (0, 3)
buildd: logs, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.20.0-1