apt-cacher-ng - Debian Package Tracker

general

source: apt-cacher-ng (main)
version: 3.7.5-1
maintainer: Eduard Bloch (DMD) (LowNMU)
arch: any
std-ver: 4.5.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 3.6.4-1
oldstable: 3.7.4-1
stable: 3.7.5-1
testing: 3.7.5-1
unstable: 3.7.5-1

versioned links

3.6.4-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.7.4-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.7.5-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

apt-cacher-ng (68 bugs: 0, 44, 24, 0)

action needed

2 security issues in bullseye high

There are 2 open security issues in bullseye.

2 important issues:

CVE-2025-11146: Reflected Cross-site scripting (XSS) in Apt-Cacher-NG v3.2.1. The vulnerability allows an attacker to execute malicious scripts (XSS) in the web management application. The vulnerability is caused by improper handling of GET inputs included in the URL in “/acng-report.html”.
CVE-2025-11147: Reflected cross-site scripting (XSS) in Apt-Cacher-NG v3.2.1. The vulnerability allows malicious scripts (XSS) to be executed in “/html/<filename>.html”.

Created: 2025-10-13 Last update: 2025-10-14 21:01

2 security issues in bookworm high

There are 2 open security issues in bookworm.

1 important issue:

CVE-2025-11147: Reflected cross-site scripting (XSS) in Apt-Cacher-NG v3.2.1. The vulnerability allows malicious scripts (XSS) to be executed in “/html/<filename>.html”.

1 issue left for the package maintainer to handle:

CVE-2025-11146: (needs triaging) Reflected Cross-site scripting (XSS) in Apt-Cacher-NG v3.2.1. The vulnerability allows an attacker to execute malicious scripts (XSS) in the web management application. The vulnerability is caused by improper handling of GET inputs included in the URL in “/acng-report.html”.

You can find information about how to handle this issue in the security team's documentation.

Created: 2025-10-13 Last update: 2025-10-14 21:01

1 security issue in trixie high

There is 1 open security issue in trixie.

1 important issue:

CVE-2025-11147: Reflected cross-site scripting (XSS) in Apt-Cacher-NG v3.2.1. The vulnerability allows malicious scripts (XSS) to be executed in “/html/<filename>.html”.

Created: 2025-10-14 Last update: 2025-10-14 21:01

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2025-11147: Reflected cross-site scripting (XSS) in Apt-Cacher-NG v3.2.1. The vulnerability allows malicious scripts (XSS) to be executed in “/html/<filename>.html”.

Created: 2025-10-14 Last update: 2025-10-14 21:01

1 security issue in forky high

There is 1 open security issue in forky.

1 important issue:

CVE-2025-11147: Reflected cross-site scripting (XSS) in Apt-Cacher-NG v3.2.1. The vulnerability allows malicious scripts (XSS) to be executed in “/html/<filename>.html”.

Created: 2025-10-14 Last update: 2025-10-14 21:01

lintian reports 1 warning high

Lintian reports 1 warning about this package. You should make the package lintian clean getting rid of them.

Created: 2022-07-30 Last update: 2024-07-23 05:38

9 bugs tagged patch in the BTS normal

The BTS contains patches fixing 9 bugs, consider including or untagging them.

Created: 2025-01-06 Last update: 2025-10-21 23:30

10 open merge requests in Salsa normal

There are 10 open merge requests for this package on Salsa. You should consider reviewing and/or merging these merge requests.

Created: 2025-08-19 Last update: 2025-10-18 01:30

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.2 instead of 4.5.1).

Created: 2021-08-18 Last update: 2025-02-27 13:24

news

[rss feed]

[2024-07-29] apt-cacher-ng 3.7.5-1 MIGRATED to testing (Debian testing watch)
[2024-07-22] Accepted apt-cacher-ng 3.7.5-1 (source) into unstable (Eduard Bloch)
[2024-06-22] apt-cacher-ng 3.7.4-1.1 MIGRATED to testing (Debian testing watch)
[2024-06-16] Accepted apt-cacher-ng 3.7.4-1.1 (source) into unstable (Chris Hofstaedtler) (signed by: Christian Hofstaedtler)
[2022-03-24] Accepted apt-cacher-ng 3.7.4-1~bpo11+1 (source amd64) into bullseye-backports, bullseye-backports (Debian FTP Masters) (signed by: Eduard Bloch)
[2021-12-13] apt-cacher-ng 3.7.4-1 MIGRATED to testing (Debian testing watch)
[2021-12-07] Accepted apt-cacher-ng 3.7.4-1 (source) into unstable (Eduard Bloch)
[2021-10-19] apt-cacher-ng 3.7.3-1 MIGRATED to testing (Debian testing watch)
[2021-10-19] apt-cacher-ng 3.7.3-1 MIGRATED to testing (Debian testing watch)
[2021-10-09] Accepted apt-cacher-ng 3.7.3-1 (source) into unstable (Eduard Bloch)
[2021-06-06] apt-cacher-ng 3.6.4-1 MIGRATED to testing (Debian testing watch)
[2021-05-30] Accepted apt-cacher-ng 3.7.2-1 (source) into experimental (Eduard Bloch)
[2021-05-30] Accepted apt-cacher-ng 3.6.4-1 (source) into unstable (Eduard Bloch)
[2021-05-25] Accepted apt-cacher-ng 3.7.1-1 (source) into experimental (Eduard Bloch)
[2021-05-22] Accepted apt-cacher-ng 3.7-1 (source) into experimental (Eduard Bloch)
[2021-03-30] apt-cacher-ng 3.6.3-1 MIGRATED to testing (Debian testing watch)
[2021-03-09] Accepted apt-cacher-ng 3.6.3-1 (source) into unstable (Eduard Bloch)
[2021-03-03] Accepted apt-cacher-ng 3.6.2-1 (source) into unstable (Eduard Bloch)
[2021-02-25] Accepted apt-cacher-ng 3.6.1-1 (source) into unstable (Eduard Bloch)
[2021-02-18] apt-cacher-ng 3.6-1 MIGRATED to testing (Debian testing watch)
[2021-02-07] Accepted apt-cacher-ng 3.6-1 (source) into unstable (Eduard Bloch)
[2020-11-26] apt-cacher-ng 3.5-3 MIGRATED to testing (Debian testing watch)
[2020-11-21] Accepted apt-cacher-ng 3.5-3 (source) into unstable (Eduard Bloch)
[2020-11-20] Accepted apt-cacher-ng 3.5-2 (source) into unstable (Eduard Bloch)
[2020-05-01] apt-cacher-ng 3.5-1 MIGRATED to testing (Debian testing watch)
[2020-04-20] Accepted apt-cacher-ng 3.5-1 (source) into unstable (Eduard Bloch)
[2020-04-16] apt-cacher-ng 3.4-1 MIGRATED to testing (Debian testing watch)
[2020-04-05] Accepted apt-cacher-ng 3.4-1 (source) into unstable (Eduard Bloch)
[2020-02-18] Accepted apt-cacher-ng 3.3.1-2~bpo9+1 (source) into stretch-backports-sloppy->backports-policy, stretch-backports-sloppy (Eduard Bloch)
[2020-02-15] Accepted apt-cacher-ng 3.2.1-1 (source) into proposed-updates->stable-new, proposed-updates (Eduard Bloch)

bugs [bug history graph]

all: 69 70
RC: 0
I&N: 45
M&W: 24 25
F&P: 0
patch: 9

links

homepage
lintian (0, 1)
buildd: logs, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots
l10n (85, -)