burp - Debian Package Tracker

general

source: burp (main)
version: 3.1.4-5
maintainer: Calogero Lo Leggio (DMD)
uploaders: Christoph Martin [DMD]
arch: any
std-ver: 4.6.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 2.2.18-8
oldstable: 3.1.4-1
stable: 3.1.4-4
testing: 3.1.4-5
unstable: 3.1.4-5

versioned links

2.2.18-8: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.1.4-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.1.4-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.1.4-5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

burp (2 bugs: 0, 2, 0, 0)

action needed

lintian reports 1 error and 14 warnings high

Lintian reports 1 error and 14 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2023-12-21 Last update: 2025-04-10 14:00

2 new commits since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit f0b75484cc84a7db0699fbfddf2a1210ef3cd80b
Author: Christoph Martin <martin@uni-mainz.de>
Date:   Mon Jan 12 10:45:54 2026 +0100

    wrap-and-sort debian/rules and debian/tests/control

commit ecabcc9a5ef67af27ccfe4967d9051fed8c1f1d7
Author: Christoph Martin <martin@uni-mainz.de>
Date:   Mon Jan 12 10:30:49 2026 +0100

    add salsa-ci.yml

Created: 2026-01-12 Last update: 2026-01-20 02:33

2 low-priority security issues in bookworm low

There are 2 open security issues in bookworm.

2 issues left for the package maintainer to handle:

CVE-2017-16516: (needs triaging) In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajl_string_decode function in yajl_encode.c. This results in the whole ruby process terminating and potentially a denial of service.
CVE-2022-24795: (needs triaging) yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of `yajl` contain an integer overflow which leads to subsequent heap memory corruption when dealing with large (~2GB) inputs. The reallocation logic at `yajl_buf.c#L64` may result in the `need` 32bit integer wrapping to 0 when `need` approaches a value of 0x80000000 (i.e. ~2GB of data), which results in a reallocation of buf->alloc into a small heap chunk. These integers are declared as `size_t` in the 2.x branch of `yajl`, which practically prevents the issue from triggering on 64bit platforms, however this does not preclude this issue triggering on 32bit builds on which `size_t` is a 32bit integer. Subsequent population of this under-allocated heap chunk is based on the original buffer size, leading to heap memory corruption. This vulnerability mostly impacts process availability. Maintainers believe exploitation for arbitrary code execution is unlikely. A patch is available and anticipated to be part of yajl-ruby version 1.4.2. As a workaround, avoid passing large inputs to YAJL.

You can find information about how to handle these issues in the security team's documentation.

Created: 2023-07-22 Last update: 2025-11-21 03:30

debian/patches: 3 patches to forward upstream low

Among the 6 debian patches available in version 3.1.4-5 of the package, we noticed the following issues:

3 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-09-04 Last update: 2025-11-19 10:47

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.3 instead of 4.6.0).

Created: 2022-05-11 Last update: 2025-12-23 20:00

news

[rss feed]

[2025-11-21] burp 3.1.4-5 MIGRATED to testing (Debian testing watch)
[2025-11-18] Accepted burp 3.1.4-5 (source) into unstable (Christoph Martin)
[2025-03-14] burp 3.1.4-4 MIGRATED to testing (Debian testing watch)
[2025-03-11] Accepted burp 3.1.4-4 (source) into unstable (Christoph Martin)
[2025-01-23] burp REMOVED from testing (Debian testing watch)
[2023-12-24] burp 3.1.4-3.1 MIGRATED to testing (Debian testing watch)
[2023-12-20] Accepted burp 3.1.4-3.1 (source) into unstable (Jérémy Lal)
[2023-09-06] burp 3.1.4-3 MIGRATED to testing (Debian testing watch)
[2023-09-04] Accepted burp 3.1.4-3 (source) into unstable (Christoph Martin)
[2023-08-05] Accepted burp 2.1.32-2+deb10u1 (source) into oldoldstable (Sean Whitton)
[2022-12-15] burp 3.1.4-1 MIGRATED to testing (Debian testing watch)
[2022-12-12] Accepted burp 3.1.4-1 (source) into unstable (Calogero Lo Leggio) (signed by: Christoph Martin)
[2022-07-06] burp REMOVED from testing (Debian testing watch)
[2021-11-21] burp 2.4.0-3 MIGRATED to testing (Debian testing watch)
[2021-11-18] Accepted burp 2.4.0-3 (source) into unstable (Calogero Lo Leggio) (signed by: Christoph Martin)
[2020-06-10] burp 2.2.18-8 MIGRATED to testing (Debian testing watch)
[2020-06-08] burp 2.2.18-7 MIGRATED to testing (Debian testing watch)
[2020-06-07] Accepted burp 2.2.18-8 (source) into unstable (Calogero Lo Leggio) (signed by: Christoph Martin)
[2020-06-05] Accepted burp 2.2.18-7 (source) into unstable (Calogero Lo Leggio) (signed by: Christoph Martin)
[2019-08-07] burp 2.2.18-2 MIGRATED to testing (Debian testing watch)
[2019-08-05] Accepted burp 2.2.18-2 (source) into unstable (Calogero Lo Leggio) (signed by: Christoph Martin)
[2019-08-05] burp 2.2.18-1 MIGRATED to testing (Debian testing watch)
[2019-08-02] Accepted burp 2.2.18-1 (source) into unstable (Calogero Lo Leggio) (signed by: Christoph Martin)
[2019-01-16] burp 2.1.32-2 MIGRATED to testing (Debian testing watch)
[2019-01-11] Accepted burp 2.1.32-2 (source amd64) into unstable (Calogero Lo Leggio) (signed by: Christoph Martin)
[2019-01-07] Accepted burp 2.1.32-1 (source amd64) into unstable (Calogero Lo Leggio (kalos)) (signed by: Christoph Martin)
[2018-09-20] burp 2.1.30-1 MIGRATED to testing (Debian testing watch)
[2018-09-14] Accepted burp 2.1.30-1 (source amd64) into unstable (Calogero Lo Leggio (kalos)) (signed by: Christoph Martin)
[2017-12-08] Accepted burp 2.0.54-4 (source amd64) into unstable (Calogero Lo Leggio (kalos)) (signed by: Christoph Martin)
[2017-01-24] Accepted burp 2.0.54-1~bpo8+1 (source amd64) into jessie-backports (Christoph Martin)

bugs [bug history graph]

all: 4
RC: 0
I&N: 4
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (1, 14)
buildd: logs, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 3.1.4-5
1 bug