Debian Package Tracker
Register | Log in
Subscribe

apt-cacher-ng

caching proxy server for software repositories

Choose email to subscribe with

general
  • source: apt-cacher-ng (main)
  • version: 3.7.5-1
  • maintainer: Eduard Bloch (DMD) (LowNMU)
  • arch: any
  • std-ver: 4.5.1
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 3.6.4-1
  • oldstable: 3.7.4-1
  • stable: 3.7.5-1
  • testing: 3.7.5-1
  • unstable: 3.7.5-1
versioned links
  • 3.6.4-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 3.7.4-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 3.7.5-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • apt-cacher-ng (68 bugs: 0, 44, 24, 0)
action needed
2 security issues in bullseye high

There are 2 open security issues in bullseye.

2 important issues:
  • CVE-2025-11146: Reflected Cross-site scripting (XSS) in Apt-Cacher-NG v3.2.1. The vulnerability allows an attacker to execute malicious scripts (XSS) in the web management application. The vulnerability is caused by improper handling of GET inputs included in the URL in “/acng-report.html”.
  • CVE-2025-11147: Reflected cross-site scripting (XSS) in Apt-Cacher-NG v3.2.1. The vulnerability allows malicious scripts (XSS) to be executed in “/html/<filename>.html”.
Created: 2025-10-13 Last update: 2025-10-14 21:01
2 security issues in bookworm high

There are 2 open security issues in bookworm.

1 important issue:
  • CVE-2025-11147: Reflected cross-site scripting (XSS) in Apt-Cacher-NG v3.2.1. The vulnerability allows malicious scripts (XSS) to be executed in “/html/<filename>.html”.
1 issue left for the package maintainer to handle:
  • CVE-2025-11146: (needs triaging) Reflected Cross-site scripting (XSS) in Apt-Cacher-NG v3.2.1. The vulnerability allows an attacker to execute malicious scripts (XSS) in the web management application. The vulnerability is caused by improper handling of GET inputs included in the URL in “/acng-report.html”.

You can find information about how to handle this issue in the security team's documentation.

Created: 2025-10-13 Last update: 2025-10-14 21:01
1 security issue in trixie high

There is 1 open security issue in trixie.

1 important issue:
  • CVE-2025-11147: Reflected cross-site scripting (XSS) in Apt-Cacher-NG v3.2.1. The vulnerability allows malicious scripts (XSS) to be executed in “/html/<filename>.html”.
Created: 2025-10-14 Last update: 2025-10-14 21:01
1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:
  • CVE-2025-11147: Reflected cross-site scripting (XSS) in Apt-Cacher-NG v3.2.1. The vulnerability allows malicious scripts (XSS) to be executed in “/html/<filename>.html”.
Created: 2025-10-14 Last update: 2025-10-14 21:01
1 security issue in forky high

There is 1 open security issue in forky.

1 important issue:
  • CVE-2025-11147: Reflected cross-site scripting (XSS) in Apt-Cacher-NG v3.2.1. The vulnerability allows malicious scripts (XSS) to be executed in “/html/<filename>.html”.
Created: 2025-10-14 Last update: 2025-10-14 21:01
lintian reports 1 warning high
Lintian reports 1 warning about this package. You should make the package lintian clean getting rid of them.
Created: 2022-07-30 Last update: 2024-07-23 05:38
9 bugs tagged patch in the BTS normal
The BTS contains patches fixing 9 bugs, consider including or untagging them.
Created: 2025-01-06 Last update: 2025-10-21 23:30
10 open merge requests in Salsa normal
There are 10 open merge requests for this package on Salsa. You should consider reviewing and/or merging these merge requests.
Created: 2025-08-19 Last update: 2025-10-18 01:30
Standards version of the package is outdated. wishlist
The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.2 instead of 4.5.1).
Created: 2021-08-18 Last update: 2025-02-27 13:24
news
[rss feed]
  • [2024-07-29] apt-cacher-ng 3.7.5-1 MIGRATED to testing (Debian testing watch)
  • [2024-07-22] Accepted apt-cacher-ng 3.7.5-1 (source) into unstable (Eduard Bloch)
  • [2024-06-22] apt-cacher-ng 3.7.4-1.1 MIGRATED to testing (Debian testing watch)
  • [2024-06-16] Accepted apt-cacher-ng 3.7.4-1.1 (source) into unstable (Chris Hofstaedtler) (signed by: Christian Hofstaedtler)
  • [2022-03-24] Accepted apt-cacher-ng 3.7.4-1~bpo11+1 (source amd64) into bullseye-backports, bullseye-backports (Debian FTP Masters) (signed by: Eduard Bloch)
  • [2021-12-13] apt-cacher-ng 3.7.4-1 MIGRATED to testing (Debian testing watch)
  • [2021-12-07] Accepted apt-cacher-ng 3.7.4-1 (source) into unstable (Eduard Bloch)
  • [2021-10-19] apt-cacher-ng 3.7.3-1 MIGRATED to testing (Debian testing watch)
  • [2021-10-19] apt-cacher-ng 3.7.3-1 MIGRATED to testing (Debian testing watch)
  • [2021-10-09] Accepted apt-cacher-ng 3.7.3-1 (source) into unstable (Eduard Bloch)
  • [2021-06-06] apt-cacher-ng 3.6.4-1 MIGRATED to testing (Debian testing watch)
  • [2021-05-30] Accepted apt-cacher-ng 3.7.2-1 (source) into experimental (Eduard Bloch)
  • [2021-05-30] Accepted apt-cacher-ng 3.6.4-1 (source) into unstable (Eduard Bloch)
  • [2021-05-25] Accepted apt-cacher-ng 3.7.1-1 (source) into experimental (Eduard Bloch)
  • [2021-05-22] Accepted apt-cacher-ng 3.7-1 (source) into experimental (Eduard Bloch)
  • [2021-03-30] apt-cacher-ng 3.6.3-1 MIGRATED to testing (Debian testing watch)
  • [2021-03-09] Accepted apt-cacher-ng 3.6.3-1 (source) into unstable (Eduard Bloch)
  • [2021-03-03] Accepted apt-cacher-ng 3.6.2-1 (source) into unstable (Eduard Bloch)
  • [2021-02-25] Accepted apt-cacher-ng 3.6.1-1 (source) into unstable (Eduard Bloch)
  • [2021-02-18] apt-cacher-ng 3.6-1 MIGRATED to testing (Debian testing watch)
  • [2021-02-07] Accepted apt-cacher-ng 3.6-1 (source) into unstable (Eduard Bloch)
  • [2020-11-26] apt-cacher-ng 3.5-3 MIGRATED to testing (Debian testing watch)
  • [2020-11-21] Accepted apt-cacher-ng 3.5-3 (source) into unstable (Eduard Bloch)
  • [2020-11-20] Accepted apt-cacher-ng 3.5-2 (source) into unstable (Eduard Bloch)
  • [2020-05-01] apt-cacher-ng 3.5-1 MIGRATED to testing (Debian testing watch)
  • [2020-04-20] Accepted apt-cacher-ng 3.5-1 (source) into unstable (Eduard Bloch)
  • [2020-04-16] apt-cacher-ng 3.4-1 MIGRATED to testing (Debian testing watch)
  • [2020-04-05] Accepted apt-cacher-ng 3.4-1 (source) into unstable (Eduard Bloch)
  • [2020-02-18] Accepted apt-cacher-ng 3.3.1-2~bpo9+1 (source) into stretch-backports-sloppy->backports-policy, stretch-backports-sloppy (Eduard Bloch)
  • [2020-02-15] Accepted apt-cacher-ng 3.2.1-1 (source) into proposed-updates->stable-new, proposed-updates (Eduard Bloch)
  • 1
  • 2
bugs [bug history graph]
  • all: 69 70
  • RC: 0
  • I&N: 45
  • M&W: 24 25
  • F&P: 0
  • patch: 9
links
  • homepage
  • lintian (0, 1)
  • buildd: logs, reproducibility, cross
  • popcon
  • browse source code
  • edit tags
  • other distros
  • security tracker
  • screenshots
  • l10n (85, -)

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.
Documentation — Bugs — Git Repository — Contributing