Debian Package Tracker
Register | Log in
Subscribe

libpodofo

Choose email to subscribe with

general
  • source: libpodofo (main)
  • version: 0.9.8+dfsg-3.2
  • maintainer: Mattia Rizzolo (DMD)
  • arch: any
  • std-ver: 4.6.1
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 0.9.7+dfsg-2
  • oldstable: 0.9.8+dfsg-3
  • stable: 0.9.8+dfsg-3.2
  • testing: 0.9.8+dfsg-3.2
  • unstable: 0.9.8+dfsg-3.2
versioned links
  • 0.9.7+dfsg-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 0.9.8+dfsg-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 0.9.8+dfsg-3.2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • libpodofo-dev
  • libpodofo-utils (1 bugs: 0, 0, 1, 0)
  • libpodofo0.9.8t64
action needed
Marked for autoremoval on 08 October: #1036938 high
Version 0.9.8+dfsg-3.2 of libpodofo is marked for autoremoval from testing on Wed 08 Oct 2025. It is affected by #1036938. The removal of libpodofo will also cause the removal of (transitive) reverse dependencies: calibre, debian-design, dpmb, gimagereader, horizon-eda, krename, scribus. You should try to prevent the removal by fixing these RC bugs.
Created: 2025-09-08 Last update: 2025-09-11 00:05
4 security issues in sid high

There are 4 open security issues in sid.

4 important issues:
  • CVE-2021-30469: A flaw was found in PoDoFo 0.9.7. An use-after-free in PoDoFo::PdfVecObjects::Clear() function can cause a denial of service via a crafted PDF file.
  • CVE-2021-30472: A flaw was found in PoDoFo 0.9.7. A stack-based buffer overflow in PdfEncryptMD5Base::ComputeOwnerKey function in PdfEncrypt.cpp is possible because of a improper check of the keyLength value.
  • CVE-2023-31566: Podofo v0.10.0 was discovered to contain a heap-use-after-free via the component PoDoFo::PdfEncrypt::IsMetadataEncrypted().
  • CVE-2023-31567: Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncryptAESV3::PdfEncryptAESV3.
Created: 2022-07-04 Last update: 2025-08-31 15:02
4 security issues in forky high

There are 4 open security issues in forky.

4 important issues:
  • CVE-2021-30469: A flaw was found in PoDoFo 0.9.7. An use-after-free in PoDoFo::PdfVecObjects::Clear() function can cause a denial of service via a crafted PDF file.
  • CVE-2021-30472: A flaw was found in PoDoFo 0.9.7. A stack-based buffer overflow in PdfEncryptMD5Base::ComputeOwnerKey function in PdfEncrypt.cpp is possible because of a improper check of the keyLength value.
  • CVE-2023-31566: Podofo v0.10.0 was discovered to contain a heap-use-after-free via the component PoDoFo::PdfEncrypt::IsMetadataEncrypted().
  • CVE-2023-31567: Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncryptAESV3::PdfEncryptAESV3.
Created: 2025-08-09 Last update: 2025-08-31 15:02
lintian reports 5 warnings high
Lintian reports 5 warnings about this package. You should make the package lintian clean getting rid of them.
Created: 2024-03-01 Last update: 2024-12-31 06:01
2 bugs tagged patch in the BTS normal
The BTS contains patches fixing 2 bugs, consider including or untagging them.
Created: 2025-01-06 Last update: 2025-09-11 00:01
1 open merge request in Salsa normal
There is 1 open merge request for this package on Salsa. You should consider reviewing and/or merging these merge requests.
Created: 2025-08-19 Last update: 2025-08-19 06:28
4 low-priority security issues in trixie low

There are 4 open security issues in trixie.

4 issues left for the package maintainer to handle:
  • CVE-2021-30469: (postponed; to be fixed through a stable update) A flaw was found in PoDoFo 0.9.7. An use-after-free in PoDoFo::PdfVecObjects::Clear() function can cause a denial of service via a crafted PDF file.
  • CVE-2021-30472: (postponed; to be fixed through a stable update) A flaw was found in PoDoFo 0.9.7. A stack-based buffer overflow in PdfEncryptMD5Base::ComputeOwnerKey function in PdfEncrypt.cpp is possible because of a improper check of the keyLength value.
  • CVE-2023-31566: (needs triaging) Podofo v0.10.0 was discovered to contain a heap-use-after-free via the component PoDoFo::PdfEncrypt::IsMetadataEncrypted().
  • CVE-2023-31567: (needs triaging) Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncryptAESV3::PdfEncryptAESV3.

You can find information about how to handle these issues in the security team's documentation.

Created: 2025-08-09 Last update: 2025-08-31 15:02
4 low-priority security issues in bookworm low

There are 4 open security issues in bookworm.

4 issues left for the package maintainer to handle:
  • CVE-2021-30469: (postponed; to be fixed through a stable update) A flaw was found in PoDoFo 0.9.7. An use-after-free in PoDoFo::PdfVecObjects::Clear() function can cause a denial of service via a crafted PDF file.
  • CVE-2021-30472: (postponed; to be fixed through a stable update) A flaw was found in PoDoFo 0.9.7. A stack-based buffer overflow in PdfEncryptMD5Base::ComputeOwnerKey function in PdfEncrypt.cpp is possible because of a improper check of the keyLength value.
  • CVE-2023-31566: (needs triaging) Podofo v0.10.0 was discovered to contain a heap-use-after-free via the component PoDoFo::PdfEncrypt::IsMetadataEncrypted().
  • CVE-2023-31567: (needs triaging) Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncryptAESV3::PdfEncryptAESV3.

You can find information about how to handle these issues in the security team's documentation.

Created: 2023-06-10 Last update: 2025-08-31 15:02
Standards version of the package is outdated. wishlist
The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.2 instead of 4.6.1).
Created: 2022-12-17 Last update: 2025-02-27 13:25
news
[rss feed]
  • [2025-01-05] libpodofo 0.9.8+dfsg-3.2 MIGRATED to testing (Debian testing watch)
  • [2024-12-30] Accepted libpodofo 0.9.8+dfsg-3.2 (source) into unstable (Andreas Metzler)
  • [2024-05-02] libpodofo 0.9.8+dfsg-3.1 MIGRATED to testing (Debian testing watch)
  • [2024-02-28] Accepted libpodofo 0.9.8+dfsg-3.1 (source) into unstable (Benjamin Drung)
  • [2024-02-02] Accepted libpodofo 0.9.8+dfsg-3.1~exp1 (source) into experimental (Steve Langasek)
  • [2022-08-27] libpodofo 0.9.8+dfsg-3 MIGRATED to testing (Debian testing watch)
  • [2022-08-21] Accepted libpodofo 0.9.8+dfsg-3 (source) into unstable (Mattia Rizzolo)
  • [2022-05-11] libpodofo 0.9.8+dfsg-2 MIGRATED to testing (Debian testing watch)
  • [2022-05-06] Accepted libpodofo 0.9.8+dfsg-2 (source) into unstable (Mattia Rizzolo)
  • [2022-05-04] Accepted libpodofo 0.9.8+dfsg-1 (source amd64) into experimental, experimental (Debian FTP Masters) (signed by: Mattia Rizzolo)
  • [2022-01-08] libpodofo 0.9.7+dfsg-3 MIGRATED to testing (Debian testing watch)
  • [2022-01-02] Accepted libpodofo 0.9.7+dfsg-3 (source) into unstable (Mattia Rizzolo)
  • [2021-01-18] libpodofo 0.9.7+dfsg-2 MIGRATED to testing (Debian testing watch)
  • [2021-01-12] Accepted libpodofo 0.9.7+dfsg-2 (source) into unstable (Mattia Rizzolo)
  • [2021-01-09] Accepted libpodofo 0.9.7+dfsg-1 (source amd64) into experimental, experimental (Debian FTP Masters) (signed by: Mattia Rizzolo)
  • [2019-04-27] libpodofo 0.9.6+dfsg-5 MIGRATED to testing (Debian testing watch)
  • [2019-04-21] Accepted libpodofo 0.9.6+dfsg-5 (source) into unstable (Mattia Rizzolo)
  • [2019-02-22] libpodofo 0.9.6+dfsg-4 MIGRATED to testing (Debian testing watch)
  • [2019-02-11] Accepted libpodofo 0.9.6+dfsg-4 (source) into unstable (Mattia Rizzolo)
  • [2018-10-08] libpodofo 0.9.6+dfsg-3 MIGRATED to testing (Debian testing watch)
  • [2018-10-02] Accepted libpodofo 0.9.6+dfsg-3 (source) into unstable (Mattia Rizzolo)
  • [2018-09-24] libpodofo 0.9.5-11 MIGRATED to testing (Debian testing watch)
  • [2018-09-22] Accepted libpodofo 0.9.6+dfsg-2 (source) into experimental (Mattia Rizzolo)
  • [2018-09-18] Accepted libpodofo 0.9.6+dfsg-1 (source) into experimental (Mattia Rizzolo)
  • [2018-09-18] Accepted libpodofo 0.9.5-11 (source) into unstable (Mattia Rizzolo)
  • [2018-09-02] libpodofo 0.9.5-10 MIGRATED to testing (Debian testing watch)
  • [2018-08-27] Accepted libpodofo 0.9.5-10 (source) into unstable (Mattia Rizzolo)
  • [2018-05-10] Accepted libpodofo 0.9.6~rc1+dfsg-1 (source amd64) into experimental, experimental (Mattia Rizzolo)
  • [2018-03-01] libpodofo 0.9.5-9 MIGRATED to testing (Debian testing watch)
  • [2018-02-24] Accepted libpodofo 0.9.5-9 (source) into unstable (Mattia Rizzolo)
  • 1
  • 2
bugs [bug history graph]
  • all: 7
  • RC: 1
  • I&N: 5
  • M&W: 1
  • F&P: 0
  • patch: 2
links
  • homepage
  • lintian (0, 5)
  • buildd: logs, reproducibility, cross
  • popcon
  • browse source code
  • edit tags
  • other distros
  • security tracker
  • debian patches
ubuntu Ubuntu logo [Information about Ubuntu for Debian Developers]
  • version: 0.9.8+dfsg-3.2

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.
Documentation — Bugs — Git Repository — Contributing