fastdds - Debian Package Tracker

general

source: fastdds (main)
version: 3.0.1+ds-1
maintainer: Debian Robotics Team (DMD)
uploaders: Timo Röhling [DMD]
arch: all any
std-ver: 4.7.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 2.1.0+ds-9+deb11u1
old-sec: 2.1.0+ds-9+deb11u1
old-bpo: 2.7.1+ds-1~bpo11+1
stable: 2.9.1+ds-1+deb12u2
stable-sec: 2.9.1+ds-1+deb12u2
testing: 3.0.1+ds-1
unstable: 3.0.1+ds-1
exp: 3.1.0+ds-1

versioned links

2.1.0+ds-9+deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.7.1+ds-1~bpo11+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.9.1+ds-1+deb12u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.0.1+ds-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.1.0+ds-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

fastdds-tools
libfastdds-dev
libfastdds-doc
libfastdds3.0
libfastrtps-dev

action needed

A new upstream version is available: 3.1.0 high

A new upstream version 3.1.0 is available, you should consider packaging it.

Created: 2024-10-15 Last update: 2024-11-19 10:30

lintian reports 1 warning normal

Lintian reports 1 warning about this package. You should make the package lintian clean getting rid of them.

Created: 2024-08-29 Last update: 2024-08-29 12:08

8 low-priority security issues in bookworm low

There are 8 open security issues in bookworm.

8 issues left for the package maintainer to handle:

CVE-2023-50257: (needs triaging) eProsima Fast DDS (formerly Fast RTPS) is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Even with the application of SROS2, due to the issue where the data (`p[UD]`) and `guid` values used to disconnect between nodes are not encrypted, a vulnerability has been discovered where a malicious attacker can forcibly disconnect a Subscriber and can deny a Subscriber attempting to connect. Afterwards, if the attacker sends the packet for disconnecting, which is data (`p[UD]`), to the Global Data Space (`239.255.0.1:7400`) using the said Publisher ID, all the Subscribers (Listeners) connected to the Publisher (Talker) will not receive any data and their connection will be disconnected. Moreover, if this disconnection packet is sent continuously, the Subscribers (Listeners) trying to connect will not be able to do so. Since the initial commit of the `SecurityManager.cpp` code (`init`, `on_process_handshake`) on Nov 8, 2016, the Disconnect Vulnerability in RTPS Packets Used by SROS2 has been present prior to versions 2.13.0, 2.12.2, 2.11.3, 2.10.3, and 2.6.7.
CVE-2023-50716: (needs triaging) eProsima Fast DDS (formerly Fast RTPS) is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.13.0, 2.12.2, 2.11.3, 2.10.3, and 2.6.7, an invalid DATA_FRAG Submessage causes a bad-free error, and the Fast-DDS process can be remotely terminated. If an invalid Data_Frag packet is sent, the `Inline_qos, SerializedPayload` member of object `ch` will attempt to release memory without initialization, resulting in a 'bad-free' error. Versions 2.13.0, 2.12.2, 2.11.3, 2.10.2, and 2.6.7 fix this issue.
CVE-2024-26369: (needs triaging) An issue in the HistoryQosPolicy component of FastDDS v2.12.x, v2.11.x, v2.10.x, and v2.6.x leads to a SIGABRT (signal abort) upon receiving DataWriter's data.
CVE-2024-28231: (needs triaging) eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.14.0, 2.13.4, 2.12.3, 2.10.4, and 2.6.8, manipulated DATA Submessage can cause a heap overflow error in the Fast-DDS process, causing the process to be terminated remotely. Additionally, the payload_size in the DATA Submessage packet is declared as uint32_t. When a negative number, such as -1, is input into this variable, it results in an Integer Overflow (for example, -1 gets converted to 0xFFFFFFFF). This eventually leads to a heap-buffer-overflow, causing the program to terminate. Versions 2.14.0, 2.13.4, 2.12.3, 2.10.4, and 2.6.8 contain a fix for this issue.
CVE-2024-30258: (needs triaging) FastDDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8, when a publisher serves a malformed `RTPS` packet, the subscriber crashes when creating `pthread`. This can remotely crash any Fast-DDS process, potentially leading to a DOS attack. Versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8 contain a patch for the issue.
CVE-2024-30259: (needs triaging) FastDDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8, when a publisher serves malformed `RTPS` packet, heap buffer overflow occurs on the subscriber. This can remotely crash any Fast-DDS process, potentially leading to a DOS attack. Versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8 contain a patch for the issue.
CVE-2024-30916: (needs triaging) An issue was discovered in eProsima FastDDS v.2.14.0 and before, allows a local attacker to cause a denial of service (DoS) and obtain sensitive information via a crafted max_samples parameter in DurabilityService QoS component.
CVE-2024-30917: (needs triaging) An issue was discovered in eProsima FastDDS v.2.14.0 and before, allows a local attacker to cause a denial of service (DoS) and obtain sensitive information via a crafted history_depth parameter in DurabilityService QoS component.

You can find information about how to handle these issues in the security team's documentation.

Created: 2024-02-23 Last update: 2024-09-19 06:00

debian/patches: 9 patches to forward upstream low

Among the 15 debian patches available in version 3.0.1+ds-1 of the package, we noticed the following issues:

9 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-02-26 Last update: 2024-09-14 06:01

Build log checks report 2 warnings low

Build log checks report 2 warnings

Created: 2024-03-09 Last update: 2024-08-29 04:39

news

[rss feed]

[2024-10-15] Accepted fastdds 3.1.0+ds-1 (all amd64 source) into experimental (Debian FTP Masters) (signed by: Timo Röhling)
[2024-09-19] fastdds 3.0.1+ds-1 MIGRATED to testing (Debian testing watch)
[2024-09-13] Accepted fastdds 3.0.1+ds-1 (source) into unstable (Timo Röhling)
[2024-08-31] fastdds 3.0.0+ds-3 MIGRATED to testing (Debian testing watch)
[2024-08-28] Accepted fastdds 3.0.0+ds-3 (source) into unstable (Timo Röhling)
[2024-08-28] Accepted fastdds 3.0.0+ds-2 (source) into unstable (Timo Röhling)
[2024-08-28] Accepted fastdds 3.0.0+ds-1 (all amd64 source) into experimental (Debian FTP Masters) (signed by: Timo Röhling)
[2024-07-25] fastdds 2.14.3+ds-1 MIGRATED to testing (Debian testing watch)
[2024-07-22] Accepted fastdds 2.14.3+ds-1 (source) into unstable (Timo Röhling)
[2024-07-01] fastdds 2.14.2+ds-1 MIGRATED to testing (Debian testing watch)
[2024-06-28] Accepted fastdds 2.14.2+ds-1 (source) into unstable (Timo Röhling)
[2024-05-17] fastdds 2.14.1+ds-1 MIGRATED to testing (Debian testing watch)
[2024-05-17] fastdds 2.14.1+ds-1 MIGRATED to testing (Debian testing watch)
[2024-05-15] Accepted fastdds 2.14.1+ds-1 (source) into unstable (Timo Röhling)
[2024-05-03] fastdds 2.14.0+ds-4 MIGRATED to testing (Debian testing watch)
[2024-04-20] Accepted fastdds 2.14.0+ds-4 (source) into unstable (Timo Röhling)
[2024-04-18] Accepted fastdds 2.14.0+ds-3 (source) into unstable (Timo Röhling)
[2024-04-17] Accepted fastdds 2.14.0+ds-2 (source) into unstable (Timo Röhling)
[2024-04-17] Accepted fastdds 2.14.0+ds-1 (source amd64 all) into experimental (Debian FTP Masters) (signed by: Timo Röhling)
[2024-04-12] fastdds REMOVED from testing (Debian testing watch)
[2024-02-28] Accepted fastdds 2.11.2+ds-6.1 (source) into unstable (Michael Hudson-Doyle)
[2024-02-01] Accepted fastdds 2.11.2+ds-6.1~exp1 (source) into experimental (Michael Hudson-Doyle)
[2023-12-02] Accepted fastdds 2.9.1+ds-1+deb12u2 (source) into proposed-updates (Debian FTP Masters) (signed by: Timo Röhling)
[2023-11-27] Accepted fastdds 2.9.1+ds-1+deb12u2 (source) into stable-security (Debian FTP Masters) (signed by: Timo Röhling)
[2023-10-26] fastdds 2.11.2+ds-6 MIGRATED to testing (Debian testing watch)
[2023-10-24] Accepted fastdds 2.11.2+ds-6 (source) into unstable (Timo Röhling)
[2023-08-26] Accepted fastdds 2.1.0+ds-9+deb11u1 (source) into oldstable-proposed-updates (Debian FTP Masters) (signed by: Timo Röhling)
[2023-08-26] Accepted fastdds 2.9.1+ds-1+deb12u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Timo Röhling)
[2023-08-26] fastdds 2.11.2+ds-5 MIGRATED to testing (Debian testing watch)
[2023-08-23] Accepted fastdds 2.11.2+ds-5 (source) into unstable (Timo Röhling)

bugs [bug history graph]

all: 0

links

homepage
lintian (0, 1)
buildd: logs, exp, checks, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 3.0.0+ds-3