vcswatch reports that
this package seems to have a new changelog entry (version
1.10-1, distribution
unstable) and new commits
in its VCS. You should consider whether it's time to make
an upload.
CVE-2018-13845: An issue has been found in HTSlib 1.8. It is a buffer over-read in sam_parse1 in sam.c.
CVE-2017-1000206: samtools htslib library version 1.4.0 and earlier is vulnerable to buffer overflow in the CRAM rANS codec resulting in potential arbitrary code execution
CVE-2018-13843: ** DISPUTED ** An issue has been found in HTSlib 1.8. It is a memory leak in bgzf_getline in bgzf.c. NOTE: the software maintainer's position is that the "failure to free memory" can be fixed in applications that use the HTSlib library (such as test/test_bgzf.c in the original report) and is not a library issue.
CVE-2018-13844: An issue has been found in HTSlib 1.8. It is a memory leak in fai_read in faidx.c.
CVE-2018-13845: An issue has been found in HTSlib 1.8. It is a buffer over-read in sam_parse1 in sam.c.
CVE-2017-1000206: samtools htslib library version 1.4.0 and earlier is vulnerable to buffer overflow in the CRAM rANS codec resulting in potential arbitrary code execution
CVE-2018-13843: ** DISPUTED ** An issue has been found in HTSlib 1.8. It is a memory leak in bgzf_getline in bgzf.c. NOTE: the software maintainer's position is that the "failure to free memory" can be fixed in applications that use the HTSlib library (such as test/test_bgzf.c in the original report) and is not a library issue.
CVE-2018-13844: An issue has been found in HTSlib 1.8. It is a memory leak in fai_read in faidx.c.
Please fix them.
Standards version of the package is outdated.
wishlist
The package should be updated to follow the last version of Debian Policy
(Standards-Version 4.4.1 instead of
4.3.0).
![[bug history graph]](https://qa.debian.org/data/bts/graphs/h/htslib.png){kind=link}