igmpproxy - Debian Package Tracker

general

source: igmpproxy (main)
version: 0.3-1
maintainer: Pali Rohár (DMD)
std-ver: 4.1.3
VCS: unknown

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 0.3-1
oldstable: 0.3-1
stable: 0.3-1
unstable: 0.3-1

versioned links

0.3-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

igmpproxy (1 bugs: 1, 0, 0, 0)

action needed

Problems while searching for a new upstream version high

uscan had problems while searching for a new upstream version:

In debian/watch no matching files for watch source
  https://github.com/pali/igmpproxy/releases

Created: 2025-11-27 Last update: 2025-12-24 08:30

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2025-50681: igmpproxy 0.4 before commit 2b30c36 allows remote attackers to cause a denial of service (application crash) via a crafted IGMPv3 membership report packet with a malicious source address. Due to insufficient validation in the `recv_igmp()` function in src/igmpproxy.c, an invalid group record type can trigger a NULL pointer dereference when logging the address using `inet_fmtsrc()`. This vulnerability can be exploited by sending malformed multicast traffic to a host running igmpproxy, leading to a crash. igmpproxy is used in various embedded networking environments and consumer-grade IoT devices (such as home routers and media gateways) to handle multicast traffic for IPTV and other streaming services. Affected devices that rely on unpatched versions of igmpproxy may be vulnerable to remote denial-of-service attacks across a LAN .

Created: 2025-12-19 Last update: 2025-12-21 13:30

1 security issue in bullseye high

There is 1 open security issue in bullseye.

1 important issue:

CVE-2025-50681: igmpproxy 0.4 before commit 2b30c36 allows remote attackers to cause a denial of service (application crash) via a crafted IGMPv3 membership report packet with a malicious source address. Due to insufficient validation in the `recv_igmp()` function in src/igmpproxy.c, an invalid group record type can trigger a NULL pointer dereference when logging the address using `inet_fmtsrc()`. This vulnerability can be exploited by sending malformed multicast traffic to a host running igmpproxy, leading to a crash. igmpproxy is used in various embedded networking environments and consumer-grade IoT devices (such as home routers and media gateways) to handle multicast traffic for IPTV and other streaming services. Affected devices that rely on unpatched versions of igmpproxy may be vulnerable to remote denial-of-service attacks across a LAN .

Created: 2025-12-19 Last update: 2025-12-21 13:30

lintian reports 1 error and 3 warnings high

Lintian reports 1 error and 3 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2021-04-11 Last update: 2025-09-10 19:33

The package has not entered testing even though the delay is over normal

The package has not entered testing even though the 5-day delay is over. Check why.

Created: 2025-11-02 Last update: 2025-12-24 12:02

1 low-priority security issue in trixie low

There is 1 open security issue in trixie.

1 issue left for the package maintainer to handle:

CVE-2025-50681: (needs triaging) igmpproxy 0.4 before commit 2b30c36 allows remote attackers to cause a denial of service (application crash) via a crafted IGMPv3 membership report packet with a malicious source address. Due to insufficient validation in the `recv_igmp()` function in src/igmpproxy.c, an invalid group record type can trigger a NULL pointer dereference when logging the address using `inet_fmtsrc()`. This vulnerability can be exploited by sending malformed multicast traffic to a host running igmpproxy, leading to a crash. igmpproxy is used in various embedded networking environments and consumer-grade IoT devices (such as home routers and media gateways) to handle multicast traffic for IPTV and other streaming services. Affected devices that rely on unpatched versions of igmpproxy may be vulnerable to remote denial-of-service attacks across a LAN .

You can find information about how to handle this issue in the security team's documentation.

Created: 2025-12-19 Last update: 2025-12-21 13:30

1 low-priority security issue in bookworm low

There is 1 open security issue in bookworm.

1 issue left for the package maintainer to handle:

CVE-2025-50681: (needs triaging) igmpproxy 0.4 before commit 2b30c36 allows remote attackers to cause a denial of service (application crash) via a crafted IGMPv3 membership report packet with a malicious source address. Due to insufficient validation in the `recv_igmp()` function in src/igmpproxy.c, an invalid group record type can trigger a NULL pointer dereference when logging the address using `inet_fmtsrc()`. This vulnerability can be exploited by sending malformed multicast traffic to a host running igmpproxy, leading to a crash. igmpproxy is used in various embedded networking environments and consumer-grade IoT devices (such as home routers and media gateways) to handle multicast traffic for IPTV and other streaming services. Affected devices that rely on unpatched versions of igmpproxy may be vulnerable to remote denial-of-service attacks across a LAN .

You can find information about how to handle this issue in the security team's documentation.

Created: 2025-12-19 Last update: 2025-12-21 13:30

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.3 instead of 4.1.3).

Created: 2018-04-16 Last update: 2025-12-23 20:00

testing migrations

excuses:
- Migration status for igmpproxy (- to 0.3-1): BLOCKED: Rejected/violates migration policy/introduces a regression
- Issues preventing migration:
- ∙ ∙ Updating igmpproxy would introduce bugs in testing: #1039229
- Additional info (not blocking):
- ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/i/igmpproxy.html
- ∙ ∙ Reproducible on amd64 - info ♻
- ∙ ∙ Reproducible on arm64 - info ♻
- ∙ ∙ 1791 days old (needed 5 days)
- Not considered

news

[rss feed]

[2025-11-03] igmpproxy REMOVED from testing (Debian testing watch)
[2021-02-02] igmpproxy 0.3-1 MIGRATED to testing (Debian testing watch)
[2021-01-28] Accepted igmpproxy 0.3-1 (source) into unstable (Pali Rohár) (signed by: Adam Borowski)
[2018-02-24] igmpproxy 0.2.1-1 MIGRATED to testing (Debian testing watch)
[2018-02-17] Accepted igmpproxy 0.2.1-1 (source) into unstable (Pali Rohár) (signed by: Adrian Bunk)
[2018-01-17] igmpproxy 0.2-1 MIGRATED to testing (Debian testing watch)
[2018-01-07] Accepted igmpproxy 0.2-1 (source) into unstable (Pali Rohár) (signed by: Adam Borowski)
[2016-12-29] igmpproxy 0.1-1 MIGRATED to testing (Debian testing watch)
[2016-12-18] Accepted igmpproxy 0.1-1 (source amd64) into unstable, unstable (Pali Rohár) (signed by: gregor herrmann)

bugs [bug history graph]

all: 2
RC: 1
I&N: 1
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (1, 3)
buildd: logs, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 0.3-1build1