Debian Package Tracker

general

source: f2fs-tools (main)
version: 1.11.0-1.1
maintainer: Filesystems Group (archive) (DMD)
uploaders: Theodore Y. Ts'o [DMD] – Vincent Cheng [DMD]
std-ver: 4.2.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.4.0-2
oldstable: 1.7.0-1.1
old-bpo: 1.11.0-1~bpo9+1
stable: 1.11.0-1.1
testing: 1.11.0-1.1
unstable: 1.11.0-1.1

versioned links

1.4.0-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.7.0-1.1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.11.0-1~bpo9+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.11.0-1.1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

f2fs-tools (4 bugs: 0, 3, 1, 0)
f2fs-tools-dbg
f2fs-tools-udeb
libf2fs-dev
libf2fs-format-dev
libf2fs-format4
libf2fs5

action needed

Problems while searching for a new upstream version high

uscan had problems while searching for a new upstream version:

No good upstream filename found after removing tailing ?... and #....
   Use filenamemangle to fix this.

Created: 2020-06-29 Last update: 2020-10-19 22:05

6 security issues in stretch high

There are 6 open security issues in stretch.

6 important issues:

CVE-2020-6070: An exploitable code execution vulnerability exists in the file system checking functionality of fsck.f2fs 1.12.0. A specially crafted f2fs file can cause a logic flaw and out-of-bounds heap operations, resulting in code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2020-6104: An exploitable information disclosure vulnerability exists in the get_dnode_of_data functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause information disclosure resulting in a information disclosure. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2020-6105: An exploitable code execution vulnerability exists in the multiple devices functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause Information overwrite resulting in a code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2020-6106: An exploitable information disclosure vulnerability exists in the init_node_manager functionality of F2fs-Tools F2fs.Fsck 1.12 and 1.13. A specially crafted filesystem can be used to disclose information. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2020-6107: An exploitable information disclosure vulnerability exists in the dev_read functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause an uninitialized read resulting in an information disclosure. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2020-6108: An exploitable code execution vulnerability exists in the fsck_chk_orphan_node functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause a heap buffer overflow resulting in a code execution. An attacker can provide a malicious file to trigger this vulnerability.

Please fix them.

Created: 2020-07-31 Last update: 2020-10-17 07:06

6 security issues in sid high

There are 6 open security issues in sid.

6 important issues:

CVE-2020-6070: An exploitable code execution vulnerability exists in the file system checking functionality of fsck.f2fs 1.12.0. A specially crafted f2fs file can cause a logic flaw and out-of-bounds heap operations, resulting in code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2020-6104: An exploitable information disclosure vulnerability exists in the get_dnode_of_data functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause information disclosure resulting in a information disclosure. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2020-6105: An exploitable code execution vulnerability exists in the multiple devices functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause Information overwrite resulting in a code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2020-6106: An exploitable information disclosure vulnerability exists in the init_node_manager functionality of F2fs-Tools F2fs.Fsck 1.12 and 1.13. A specially crafted filesystem can be used to disclose information. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2020-6107: An exploitable information disclosure vulnerability exists in the dev_read functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause an uninitialized read resulting in an information disclosure. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2020-6108: An exploitable code execution vulnerability exists in the fsck_chk_orphan_node functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause a heap buffer overflow resulting in a code execution. An attacker can provide a malicious file to trigger this vulnerability.

Please fix them.

Created: 2020-07-31 Last update: 2020-10-17 07:06

6 security issues in buster high

There are 6 open security issues in buster.

5 important issues:

CVE-2020-6104: An exploitable information disclosure vulnerability exists in the get_dnode_of_data functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause information disclosure resulting in a information disclosure. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2020-6105: An exploitable code execution vulnerability exists in the multiple devices functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause Information overwrite resulting in a code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2020-6106: An exploitable information disclosure vulnerability exists in the init_node_manager functionality of F2fs-Tools F2fs.Fsck 1.12 and 1.13. A specially crafted filesystem can be used to disclose information. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2020-6107: An exploitable information disclosure vulnerability exists in the dev_read functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause an uninitialized read resulting in an information disclosure. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2020-6108: An exploitable code execution vulnerability exists in the fsck_chk_orphan_node functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause a heap buffer overflow resulting in a code execution. An attacker can provide a malicious file to trigger this vulnerability.

1 issue skipped by the security teams:

CVE-2020-6070: An exploitable code execution vulnerability exists in the file system checking functionality of fsck.f2fs 1.12.0. A specially crafted f2fs file can cause a logic flaw and out-of-bounds heap operations, resulting in code execution. An attacker can provide a malicious file to trigger this vulnerability.

Please fix them.

Created: 2020-07-31 Last update: 2020-10-17 07:06

6 security issues in bullseye high

There are 6 open security issues in bullseye.

6 important issues:

CVE-2020-6070: An exploitable code execution vulnerability exists in the file system checking functionality of fsck.f2fs 1.12.0. A specially crafted f2fs file can cause a logic flaw and out-of-bounds heap operations, resulting in code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2020-6104: An exploitable information disclosure vulnerability exists in the get_dnode_of_data functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause information disclosure resulting in a information disclosure. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2020-6105: An exploitable code execution vulnerability exists in the multiple devices functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause Information overwrite resulting in a code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2020-6106: An exploitable information disclosure vulnerability exists in the init_node_manager functionality of F2fs-Tools F2fs.Fsck 1.12 and 1.13. A specially crafted filesystem can be used to disclose information. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2020-6107: An exploitable information disclosure vulnerability exists in the dev_read functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause an uninitialized read resulting in an information disclosure. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2020-6108: An exploitable code execution vulnerability exists in the fsck_chk_orphan_node functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause a heap buffer overflow resulting in a code execution. An attacker can provide a malicious file to trigger this vulnerability.

Please fix them.

Created: 2020-07-31 Last update: 2020-10-17 07:06

1 bug tagged patch in the BTS normal

The BTS contains patches fixing 1 bug, consider including or untagging them.

Created: 2020-10-19 Last update: 2020-10-19 23:30

Multiarch hinter reports 1 issue(s) normal

There are issues with the multiarch metadata for this package.

f2fs-tools-dbg could be marked Multi-Arch: same

Created: 2018-12-08 Last update: 2020-10-19 21:33

Fails to build during reproducibility testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2019-08-25 Last update: 2020-10-19 19:05

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 1.13.0-1, distribution unstable) and new commits in its VCS. You should consider whether it's time to make an upload.

Created: 2018-12-06 Last update: 2020-10-19 08:38

lintian reports 7 warnings normal

Lintian reports 7 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2020-07-29 Last update: 2020-08-22 06:03

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.5.0 instead of 4.2.0).

Created: 2018-04-16 Last update: 2020-01-21 05:06

news

[rss feed]

[2018-12-17] f2fs-tools 1.11.0-1.1 MIGRATED to testing (Debian testing watch)
[2018-12-06] Accepted f2fs-tools 1.11.0-1.1 (source) into unstable (gregor herrmann)
[2018-10-29] Accepted f2fs-tools 1.11.0-1~bpo9+1 (source amd64) into stretch-backports, stretch-backports (Theodore Y. Ts'o) (signed by: Theodore Ts'o)
[2018-09-01] f2fs-tools 1.11.0-1 MIGRATED to testing (Debian testing watch)
[2018-08-27] Accepted f2fs-tools 1.11.0-1 (source amd64) into unstable, unstable (Theodore Y. Ts'o) (signed by: Theodore Ts'o)
[2018-05-07] Accepted f2fs-tools 1.10.0-1~bpo9+1 (source i386) into stretch-backports, stretch-backports (Theodore Y. Ts'o) (signed by: Theodore Ts'o)
[2018-03-05] f2fs-tools 1.10.0-1 MIGRATED to testing (Debian testing watch)
[2018-02-28] Accepted f2fs-tools 1.10.0-1 (source) into unstable (Vincent Cheng)
[2017-01-09] Accepted f2fs-tools 1.7.0-1.1~bpo8+1 (source i386) into jessie-backports, jessie-backports (Theodore Y. Ts'o) (signed by: Theodore Ts'o)
[2017-01-06] f2fs-tools 1.7.0-1.1 MIGRATED to testing (Debian testing watch)
[2016-12-26] Accepted f2fs-tools 1.7.0-1.1 (source amd64) into unstable, unstable (Adam Borowski)
[2016-09-07] f2fs-tools 1.7.0-1 MIGRATED to testing (Debian testing watch)
[2016-09-02] Accepted f2fs-tools 1.7.0-1 (source) into unstable (Vincent Cheng)
[2016-04-09] f2fs-tools 1.6.1-1 MIGRATED to testing (Debian testing watch)
[2016-04-04] Accepted f2fs-tools 1.6.1-1 (source) into unstable (Vincent Cheng)
[2016-01-03] f2fs-tools 1.6.0-2 MIGRATED to testing (Debian testing watch)
[2015-12-29] f2fs-tools 1.6.0-1 MIGRATED to testing (Debian testing watch)
[2015-12-29] Accepted f2fs-tools 1.6.0-2 (source) into unstable (Vincent Cheng)
[2015-12-23] Accepted f2fs-tools 1.6.0-1 (source amd64) into unstable, unstable (Vincent Cheng)
[2015-05-05] f2fs-tools 1.4.1-1 MIGRATED to testing (Britney)
[2015-04-29] Accepted f2fs-tools 1.4.1-1 (source) into unstable (Vincent Cheng)
[2014-09-30] f2fs-tools 1.4.0-2 MIGRATED to testing (Britney)
[2014-09-24] Accepted f2fs-tools 1.4.0-2 (source) into unstable (Vincent Cheng)
[2014-09-20] Accepted f2fs-tools 1.4.0-1 (source) into unstable (Vincent Cheng)
[2014-04-26] f2fs-tools 1.3.0-1 MIGRATED to testing (Debian testing watch)
[2014-04-20] Accepted f2fs-tools 1.3.0-1 (source amd64) (Vincent Cheng)
[2014-01-28] f2fs-tools 1.2.0-1 MIGRATED to testing (Debian testing watch)
[2014-01-22] Accepted f2fs-tools 1.2.0-1 (source amd64) (Vincent Cheng)
[2013-05-18] f2fs-tools 1.1.0-3 MIGRATED to testing (Debian testing watch)
[2013-05-07] Accepted f2fs-tools 1.1.0-3 (source amd64) (Luk Claes)

bugs [bug history graph]

all: 8
RC: 2
I&N: 5
M&W: 1
F&P: 0
patch: 1

links

homepage
lintian (0, 7)
buildd: logs, clang, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.11.0-1.1ubuntu1
2 bugs
patches for 1.11.0-1.1ubuntu1