Debian Package Tracker

general

source: htslib (main)
version: 1.9-10
maintainer: Debian Med Packaging Team (archive) [DMD] [LowNMU]
uploaders: Charles Plessy [DMD] – Michael R. Crusoe [DMD] [dm] – Andreas Tille [DMD]
arch: all any
std-ver: 4.3.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 1.1-1
stable: 1.3.2-2
stable-bpo: 1.7-2~bpo9+1
testing: 1.9-10
unstable: 1.9-10

versioned links

1.1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.3.2-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.7-2~bpo9+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.9-10: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

htslib-test
libhts-dev
libhts-private-dev
libhts2
tabix

action needed

lintian reports 2 warnings high

Lintian reports 2 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2015-03-07 Last update: 2019-03-12 04:39

Depends on packages which need a new maintainer normal

The packages that htslib depends on which need a new maintainer are:

dh-exec (#851746)
- Build-Depends: dh-exec

Created: 2017-12-02 Last update: 2019-04-19 18:10

Does not build reproducibly during testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2019-01-05 Last update: 2019-04-19 17:32

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 1.9-11, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit 18fc49dd7454539a6276f75eb40775c96af37340
Author: Andreas Tille <tille@debian.org>
Date:   Thu Feb 21 16:05:54 2019 +0100

    Install README at request of upstream

Created: 2019-02-21 Last update: 2019-04-19 13:38

4 ignored security issues in jessie low

There are 4 open security issues in jessie.

4 issues skipped by the security teams:

CVE-2018-13844: An issue has been found in HTSlib 1.8. It is a memory leak in fai_read in faidx.c.
CVE-2018-13843: ** DISPUTED ** An issue has been found in HTSlib 1.8. It is a memory leak in bgzf_getline in bgzf.c. NOTE: the software maintainer's position is that the "failure to free memory" can be fixed in applications that use the HTSlib library (such as test/test_bgzf.c in the original report) and is not a library issue.
CVE-2017-1000206: samtools htslib library version 1.4.0 and earlier is vulnerable to buffer overflow in the CRAM rANS codec resulting in potential arbitrary code execution
CVE-2018-13845: An issue has been found in HTSlib 1.8. It is a buffer over-read in sam_parse1 in sam.c.

Please fix them.

Created: 2017-11-18 Last update: 2019-03-02 18:02

4 ignored security issues in stretch low

There are 4 open security issues in stretch.

4 issues skipped by the security teams:

CVE-2018-13844: An issue has been found in HTSlib 1.8. It is a memory leak in fai_read in faidx.c.
CVE-2018-13843: ** DISPUTED ** An issue has been found in HTSlib 1.8. It is a memory leak in bgzf_getline in bgzf.c. NOTE: the software maintainer's position is that the "failure to free memory" can be fixed in applications that use the HTSlib library (such as test/test_bgzf.c in the original report) and is not a library issue.
CVE-2017-1000206: samtools htslib library version 1.4.0 and earlier is vulnerable to buffer overflow in the CRAM rANS codec resulting in potential arbitrary code execution
CVE-2018-13845: An issue has been found in HTSlib 1.8. It is a buffer over-read in sam_parse1 in sam.c.

Please fix them.

Created: 2017-11-18 Last update: 2019-03-02 18:02

news

[rss feed]

[2019-03-03] htslib 1.9-10 MIGRATED to testing (Debian testing watch)
[2019-01-16] Accepted htslib 1.9-10 (source) into unstable (Michael R. Crusoe) (signed by: Michael Robin Crusoe)
[2019-01-16] Accepted htslib 1.9-10~1libdeflate (source) into experimental (Michael R. Crusoe) (signed by: Michael Robin Crusoe)
[2019-01-15] Accepted htslib 1.9-10~0libdeflate (source) into experimental (Michael R. Crusoe) (signed by: Michael Robin Crusoe)
[2019-01-15] Accepted htslib 1.9-9 (source) into unstable (Michael R. Crusoe) (signed by: Michael Robin Crusoe)
[2019-01-07] Accepted htslib 1.9-9~floatingpoint0 (source) into experimental (Michael R. Crusoe) (signed by: Michael Robin Crusoe)
[2019-01-05] htslib 1.9-8 MIGRATED to testing (Debian testing watch)
[2018-12-31] Accepted htslib 1.9-8 (source) into unstable (Michael R. Crusoe) (signed by: Michael Robin Crusoe)
[2018-12-19] Accepted htslib 1.9-7 (source) into unstable (Michael R. Crusoe) (signed by: Michael Robin Crusoe)
[2018-12-18] Accepted htslib 1.9-7~1~i386~1 (source) into experimental (Michael R. Crusoe) (signed by: Michael Robin Crusoe)
[2018-12-11] Accepted htslib 1.9-7~0~i386~gcc7~1 (source) into experimental (Michael R. Crusoe) (signed by: Michael Robin Crusoe)
[2018-12-06] Accepted htslib 1.9-6 (source) into unstable (Michael R. Crusoe) (signed by: Michael Robin Crusoe)
[2018-12-05] Accepted htslib 1.9-5 (source) into unstable (Michael R. Crusoe) (signed by: Michael Robin Crusoe)
[2018-12-02] Accepted htslib 1.9-4 (source) into unstable (Andreas Tille)
[2018-10-14] Accepted htslib 1.9-3 (source) into unstable (Michael R. Crusoe) (signed by: Michael Robin Crusoe)
[2018-09-12] Accepted htslib 1.9-2 (source) into unstable (Andreas Tille)
[2018-07-28] Accepted htslib 1.9-1 (source all amd64) into experimental (Steffen Moeller)
[2018-05-22] Accepted htslib 1.7-2~bpo9+1 (source all amd64) into stretch-backports, stretch-backports (Andreas Tille)
[2018-05-03] Accepted htslib 1.8-1 (source) into experimental (Andreas Tille)
[2018-02-19] htslib 1.7-2 MIGRATED to testing (Debian testing watch)
[2018-02-19] htslib 1.7-2 MIGRATED to testing (Debian testing watch)
[2018-02-14] Accepted htslib 1.7-2 (source) into unstable (Andreas Tille)
[2018-02-12] Accepted htslib 1.7-1 (source all amd64) into unstable (Steffen Moeller)
[2017-12-27] htslib 1.6-4 MIGRATED to testing (Debian testing watch)
[2017-12-21] Accepted htslib 1.6-4 (source) into unstable (Graham Inggs)
[2017-12-20] Accepted htslib 1.6-3 (source) into unstable (Graham Inggs)
[2017-12-20] htslib 1.6-2 MIGRATED to testing (Debian testing watch)
[2017-12-14] Accepted htslib 1.6-2 (source) into unstable (Andreas Tille)
[2017-12-11] Accepted htslib 1.6-1 (source) into experimental (Andreas Tille)
[2017-12-11] Accepted htslib 1.5-6 (source) into unstable (Andreas Tille)

bugs [bug history graph]

all: 2 4
RC: 1 3
I&N: 1
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (0, 2)
buildd: logs, clang, reproducibility, cross
popcon
debci
browse source code
edit tags
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.9-10