Debian Package Tracker
Register | Log in
Subscribe

filezilla

Full-featured graphical FTP/FTPS/SFTP client

Choose email to subscribe with

general
  • source: filezilla (main)
  • version: 3.68.1-1
  • maintainer: Andreas Rönnquist (DMD)
  • arch: all any
  • std-ver: 4.7.0
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 3.39.0-2+deb10u1
  • oldstable: 3.52.2-3+deb11u1
  • stable: 3.63.0-1+deb12u3
  • testing: 3.68.1-1
  • unstable: 3.68.1-1
versioned links
  • 3.39.0-2+deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 3.52.2-3+deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 3.63.0-1+deb12u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 3.68.1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • filezilla (2 bugs: 0, 1, 1, 0)
  • filezilla-common (1 bugs: 0, 0, 1, 0)
action needed
Problems while searching for a new upstream version high
uscan had problems while searching for a new upstream version:
In debian/watch no matching files for watch line
  https://download.filezilla-project.org/client/FileZilla_(.*)_src\.tar\.xz
Created: 2024-07-12 Last update: 2025-05-18 17:00
lintian reports 2 warnings normal
Lintian reports 2 warnings about this package. You should make the package lintian clean getting rid of them.
Created: 2024-12-29 Last update: 2025-04-10 14:00
AppStream hints: 1 warning for filezilla normal
AppStream found metadata issues for packages:
  • filezilla: 1 warning
You should get rid of them to provide more metadata about this software.
Created: 2024-01-27 Last update: 2024-01-27 03:06
1 low-priority security issue in bookworm low

There is 1 open security issue in bookworm.

1 issue left for the package maintainer to handle:
  • CVE-2024-31497: (needs triaging) In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant. The required set of signed messages may be publicly readable because they are stored in a public Git service that supports use of SSH for commit signing, and the signatures were made by Pageant through an agent-forwarding mechanism. In other words, an adversary may already have enough signature information to compromise a victim's private key, even if there is no further use of vulnerable PuTTY versions. After a key compromise, an adversary may be able to conduct supply-chain attacks on software maintained in Git. A second, independent scenario is that the adversary is an operator of an SSH server to which the victim authenticates (for remote login or file copy), even though this server is not fully trusted by the victim, and the victim uses the same private key for SSH connections to other services operated by other entities. Here, the rogue server operator (who would otherwise have no way to determine the victim's private key) can derive the victim's private key, and then use it for unauthorized access to those other services. If the other services include Git services, then again it may be possible to conduct supply-chain attacks on software maintained in Git. This also affects, for example, FileZilla before 3.67.0, WinSCP before 6.3.3, TortoiseGit before 2.15.0.1, and TortoiseSVN through 1.14.6.

You can find information about how to handle this issue in the security team's documentation.

Created: 2024-12-30 Last update: 2025-02-27 05:02
debian/patches: 1 patch to forward upstream low

Among the 2 debian patches available in version 3.68.1-1 of the package, we noticed the following issues:

  • 1 patch where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.
Created: 2023-02-26 Last update: 2024-12-29 11:49
Build log checks report 1 warning low
Build log checks report 1 warning
Created: 2020-10-21 Last update: 2020-10-21 18:54
Standards version of the package is outdated. wishlist
The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.2 instead of 4.7.0).
Created: 2025-02-21 Last update: 2025-02-27 13:25
news
[rss feed]
  • [2025-01-03] filezilla 3.68.1-1 MIGRATED to testing (Debian testing watch)
  • [2024-12-28] Accepted filezilla 3.68.1-1 (source) into unstable (Andreas Rönnquist)
  • [2024-11-06] filezilla 3.68.0-1 MIGRATED to testing (Debian testing watch)
  • [2024-10-31] Accepted filezilla 3.68.0-1 (source) into unstable (Andreas Rönnquist)
  • [2024-10-31] filezilla 3.68.0~rc1-1 MIGRATED to testing (Debian testing watch)
  • [2024-10-23] Accepted filezilla 3.68.0~rc1-1 (source) into unstable (Andreas Rönnquist)
  • [2024-07-29] filezilla 3.67.1-2 MIGRATED to testing (Debian testing watch)
  • [2024-07-23] Accepted filezilla 3.67.1-2 (source) into unstable (Andreas Rönnquist)
  • [2024-07-17] filezilla 3.67.1-1 MIGRATED to testing (Debian testing watch)
  • [2024-07-11] Accepted filezilla 3.67.1-1 (source) into unstable (Andreas Rönnquist)
  • [2024-07-09] filezilla 3.67.1~rc1-1 MIGRATED to testing (Debian testing watch)
  • [2024-07-03] Accepted filezilla 3.67.1~rc1-1 (source) into unstable (Andreas Rönnquist)
  • [2024-05-08] filezilla 3.67.0-1 MIGRATED to testing (Debian testing watch)
  • [2024-04-18] Accepted filezilla 3.67.0-1 (source) into unstable (Phil Wyett)
  • [2024-02-28] filezilla 3.66.5-2 MIGRATED to testing (Debian testing watch)
  • [2024-02-13] Accepted filezilla 3.66.5-2 (source) into unstable (Phil Wyett)
  • [2024-02-13] Accepted filezilla 3.66.5-1 (source) into unstable (Phil Wyett)
  • [2024-01-19] filezilla 3.66.4-2 MIGRATED to testing (Debian testing watch)
  • [2024-01-14] Accepted filezilla 3.66.4-2 (source) into unstable (Phil Wyett)
  • [2024-01-08] Accepted filezilla 3.52.2-3+deb11u1 (source) into oldstable-proposed-updates (Debian FTP Masters) (signed by: Gianfranco Costamagna)
  • [2024-01-08] Accepted filezilla 3.63.0-1+deb12u3 (source) into proposed-updates (Debian FTP Masters) (signed by: Gianfranco Costamagna)
  • [2023-12-27] filezilla 3.66.4-1 MIGRATED to testing (Debian testing watch)
  • [2023-12-22] Accepted filezilla 3.66.4-1 (source) into unstable (Phil Wyett)
  • [2023-12-16] filezilla 3.66.1-4 MIGRATED to testing (Debian testing watch)
  • [2023-12-10] Accepted filezilla 3.66.1-4 (source) into unstable (Phil Wyett)
  • [2023-12-07] Accepted filezilla 3.66.1-3.2 (source) into unstable (Phil Wyett)
  • [2023-12-06] Accepted filezilla 3.66.1-3.1 (source) into experimental (Phil Wyett)
  • [2023-12-04] Accepted filezilla 3.66.1-3 (source) into unstable (Phil Wyett)
  • [2023-11-14] filezilla 3.66.1-2 MIGRATED to testing (Debian testing watch)
  • [2023-11-09] Accepted filezilla 3.66.1-2 (source) into unstable (Phil Wyett)
  • 1
  • 2
bugs [bug history graph]
  • all: 3
  • RC: 0
  • I&N: 1
  • M&W: 2
  • F&P: 0
  • patch: 0
links
  • homepage
  • lintian (0, 2)
  • buildd: logs, checks, reproducibility, cross
  • popcon
  • browse source code
  • edit tags
  • other distros
  • security tracker
  • screenshots
  • l10n (-, 99)
  • debian patches
ubuntu Ubuntu logo [Information about Ubuntu for Debian Developers]
  • version: 3.68.1-1
  • 3 bugs

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.
Documentation — Bugs — Git Repository — Contributing