Register | Log in

7zip

7-Zip file archiver with a high compression ratio

Choose email to subscribe with

general

source: 7zip (main)
version: 26.00+dfsg-1
maintainer: YOKOTA Hiroshi (DMD) (DM)
uploaders: Dylan Aïssi [DMD]
arch: any
std-ver: 4.7.3
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 22.01+dfsg-8+deb12u1
old-bpo: 24.09+dfsg-8~bpo12+1
stable: 25.01+dfsg-1~deb13u1
testing: 26.00+dfsg-1
unstable: 26.00+dfsg-1

versioned links

22.01+dfsg-8+deb12u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
24.09+dfsg-8~bpo12+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
25.01+dfsg-1~deb13u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
26.00+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

7zip
7zip-standalone

action needed

3 new commits since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit b5e863b044b10ed331633f7e07c55bce6fcae4f3
Merge: 23d7abd 2c55789
Author: YOKOTA Hiroshi <yokota.hgml@gmail.com>
Date:   Wed Mar 4 12:18:49 2026 +0900

    Merge branch 'typo' into 'master'
    
    Typo
    
    See merge request debian/7zip!16

commit 2c55789d3cc624d2c629ac5d3452b06ade7f5ead
Author: Sylvain Beucler <beuc@beuc.net>
Date:   Tue Mar 3 20:00:31 2026 +0100

    Typos in 7z Debian manpage

commit 7cbb762428dfe37f808dcc8d898545befac76860
Author: Sylvain Beucler <beuc@beuc.net>
Date:   Tue Mar 3 18:16:11 2026 +0000

    Typo

Created: 2026-03-04 Last update: 2026-03-04 04:33

5 low-priority security issues in bookworm low

There are 5 open security issues in bookworm.

5 issues left for the package maintainer to handle:

CVE-2023-31102: (needs triaging) Ppmd7.c in 7-Zip before 23.00 allows an integer underflow and invalid read operation via a crafted 7Z archive.
CVE-2023-40481: (needs triaging) 7-Zip SquashFS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SQFS files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18589.
CVE-2025-11001: (needs triaging) 7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the handling of symbolic links in ZIP files. Crafted data in a ZIP file can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of a service account. Was ZDI-CAN-26753.
CVE-2025-11002: (needs triaging) 7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the handling of symbolic links in ZIP files. Crafted data in a ZIP file can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of a service account. Was ZDI-CAN-26743.
CVE-2025-55188: (needs triaging) 7-Zip before 25.01 does not always properly handle symbolic links during extraction.

You can find information about how to handle these issues in the security team's documentation.

Created: 2024-12-30 Last update: 2026-02-20 06:32

news

[2026-02-20] 7zip 26.00+dfsg-1 MIGRATED to testing (Debian testing watch)
[2026-02-13] Accepted 7zip 26.00+dfsg-1 (source) into unstable (YOKOTA Hiroshi)
[2025-12-30] 7zip 25.01+dfsg-5 MIGRATED to testing (Debian testing watch)
[2025-12-27] Accepted 7zip 25.01+dfsg-5 (source) into unstable (YOKOTA Hiroshi)
[2025-11-05] 7zip 25.01+dfsg-4 MIGRATED to testing (Debian testing watch)
[2025-11-03] Accepted 7zip 25.01+dfsg-4 (source) into unstable (YOKOTA Hiroshi)
[2025-11-02] Accepted 7zip 25.01+dfsg-1~deb13u1 (source) into proposed-updates (Debian FTP Masters) (signed by: YOKOTA Hiroshi)
[2025-10-01] 7zip 25.01+dfsg-3 MIGRATED to testing (Debian testing watch)
[2025-09-29] Accepted 7zip 25.01+dfsg-3 (source) into unstable (YOKOTA Hiroshi)
[2025-08-25] 7zip 25.01+dfsg-2 MIGRATED to testing (Debian testing watch)
[2025-08-23] Accepted 7zip 25.01+dfsg-2 (source) into unstable (YOKOTA Hiroshi)
[2025-08-13] 7zip 25.01+dfsg-1 MIGRATED to testing (Debian testing watch)
[2025-08-04] Accepted 7zip 25.01+dfsg-1 (source) into unstable (YOKOTA Hiroshi)
[2025-07-11] Accepted 7zip 24.09+dfsg-8~bpo12+1 (source) into stable-backports (Roger Shimizu)
[2025-07-07] Accepted 7zip 25.00+dfsg-1 (source) into unstable (YOKOTA Hiroshi)
[2025-06-09] 7zip 24.09+dfsg-8 MIGRATED to testing (Debian testing watch)
[2025-05-08] Accepted 7zip 24.09+dfsg-8 (source) into unstable (YOKOTA Hiroshi)
[2025-03-31] Accepted 7zip 24.09+dfsg-7~bpo12+1 (source) into stable-backports (Roger Shimizu)
[2025-03-06] 7zip 24.09+dfsg-7 MIGRATED to testing (Debian testing watch)
[2025-03-01] Accepted 7zip 24.09+dfsg-7 (source) into unstable (YOKOTA Hiroshi)
[2025-03-01] 7zip 24.09+dfsg-6 MIGRATED to testing (Debian testing watch)
[2025-02-26] Accepted 7zip 24.09+dfsg-6 (source) into unstable (YOKOTA Hiroshi)
[2025-02-25] 7zip 24.09+dfsg-5 MIGRATED to testing (Debian testing watch)
[2025-02-23] Accepted 7zip 24.09+dfsg-5 (source) into unstable (YOKOTA Hiroshi)
[2025-02-16] 7zip 24.09+dfsg-4 MIGRATED to testing (Debian testing watch)
[2025-02-10] Accepted 7zip 24.09+dfsg-4 (source) into unstable (YOKOTA Hiroshi)
[2025-01-08] 7zip 24.09+dfsg-3 MIGRATED to testing (Debian testing watch)
[2025-01-03] Accepted 7zip 24.09+dfsg-3 (source) into unstable (YOKOTA Hiroshi)
[2024-12-23] Accepted 7zip 24.09+dfsg-2~bpo12+1 (source) into stable-backports (Roger Shimizu)
[2024-12-06] 7zip 24.09+dfsg-2 MIGRATED to testing (Debian testing watch)

1
2

bugs [bug history graph]

all: 0

links

homepage
lintian
buildd: logs, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 25.01+dfsg-5
5 bugs

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing