libpodofo - Debian Package Tracker

general

source: libpodofo (main)
version: 0.9.8+dfsg-3.3
maintainer: Mattia Rizzolo (DMD)
arch: any
std-ver: 4.6.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 0.9.7+dfsg-2
oldstable: 0.9.8+dfsg-3
stable: 0.9.8+dfsg-3.2
testing: 0.9.8+dfsg-3.3
unstable: 0.9.8+dfsg-3.3

versioned links

0.9.7+dfsg-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.9.8+dfsg-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.9.8+dfsg-3.2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.9.8+dfsg-3.3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libpodofo-dev
libpodofo-utils (1 bugs: 0, 0, 1, 0)
libpodofo0.9.8t64

action needed

4 security issues in sid high

There are 4 open security issues in sid.

4 important issues:

CVE-2021-30469: A flaw was found in PoDoFo 0.9.7. An use-after-free in PoDoFo::PdfVecObjects::Clear() function can cause a denial of service via a crafted PDF file.
CVE-2021-30472: A flaw was found in PoDoFo 0.9.7. A stack-based buffer overflow in PdfEncryptMD5Base::ComputeOwnerKey function in PdfEncrypt.cpp is possible because of a improper check of the keyLength value.
CVE-2023-31566: Podofo v0.10.0 was discovered to contain a heap-use-after-free via the component PoDoFo::PdfEncrypt::IsMetadataEncrypted().
CVE-2023-31567: Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncryptAESV3::PdfEncryptAESV3.

Created: 2022-07-04 Last update: 2025-10-27 15:32

4 security issues in forky high

There are 4 open security issues in forky.

4 important issues:

CVE-2021-30469: A flaw was found in PoDoFo 0.9.7. An use-after-free in PoDoFo::PdfVecObjects::Clear() function can cause a denial of service via a crafted PDF file.
CVE-2021-30472: A flaw was found in PoDoFo 0.9.7. A stack-based buffer overflow in PdfEncryptMD5Base::ComputeOwnerKey function in PdfEncrypt.cpp is possible because of a improper check of the keyLength value.
CVE-2023-31566: Podofo v0.10.0 was discovered to contain a heap-use-after-free via the component PoDoFo::PdfEncrypt::IsMetadataEncrypted().
CVE-2023-31567: Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncryptAESV3::PdfEncryptAESV3.

Created: 2025-08-09 Last update: 2025-10-27 15:32

The VCS repository is not up to date, push the missing commits. high

vcswatch reports that the current version of the package is not in its VCS.
Either you need to push your commits and/or your tags, or the information about the package's VCS are out of date. A common cause of the latter issue when using the Git VCS is not specifying the correct branch when the packaging is not in the default one (remote HEAD branch), which is usually "master" but can be modified in salsa.debian.org in the project's general settings with the "Default Branch" field). Alternatively the Vcs-Git field in debian/control can contain a "-b <branch-name>" suffix to indicate what branch is used for the Debian packaging.

Created: 2025-10-19 Last update: 2025-10-24 22:00

1 bug tagged patch in the BTS normal

The BTS contains patches fixing 1 bug, consider including or untagging them.

Created: 2025-01-06 Last update: 2025-10-27 14:30

lintian reports 5 warnings normal

Lintian reports 5 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2025-10-20 Last update: 2025-10-20 00:00

2 open merge requests in Salsa normal

There are 2 open merge requests for this package on Salsa. You should consider reviewing and/or merging these merge requests.

Created: 2025-09-20 Last update: 2025-10-18 18:02

4 low-priority security issues in trixie low

There are 4 open security issues in trixie.

4 issues left for the package maintainer to handle:

CVE-2021-30469: (postponed; to be fixed through a stable update) A flaw was found in PoDoFo 0.9.7. An use-after-free in PoDoFo::PdfVecObjects::Clear() function can cause a denial of service via a crafted PDF file.
CVE-2021-30472: (postponed; to be fixed through a stable update) A flaw was found in PoDoFo 0.9.7. A stack-based buffer overflow in PdfEncryptMD5Base::ComputeOwnerKey function in PdfEncrypt.cpp is possible because of a improper check of the keyLength value.
CVE-2023-31566: (needs triaging) Podofo v0.10.0 was discovered to contain a heap-use-after-free via the component PoDoFo::PdfEncrypt::IsMetadataEncrypted().
CVE-2023-31567: (needs triaging) Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncryptAESV3::PdfEncryptAESV3.

You can find information about how to handle these issues in the security team's documentation.

Created: 2025-08-09 Last update: 2025-10-27 15:32

4 low-priority security issues in bookworm low

There are 4 open security issues in bookworm.

4 issues left for the package maintainer to handle:

CVE-2021-30469: (postponed; to be fixed through a stable update) A flaw was found in PoDoFo 0.9.7. An use-after-free in PoDoFo::PdfVecObjects::Clear() function can cause a denial of service via a crafted PDF file.
CVE-2021-30472: (postponed; to be fixed through a stable update) A flaw was found in PoDoFo 0.9.7. A stack-based buffer overflow in PdfEncryptMD5Base::ComputeOwnerKey function in PdfEncrypt.cpp is possible because of a improper check of the keyLength value.
CVE-2023-31566: (needs triaging) Podofo v0.10.0 was discovered to contain a heap-use-after-free via the component PoDoFo::PdfEncrypt::IsMetadataEncrypted().
CVE-2023-31567: (needs triaging) Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncryptAESV3::PdfEncryptAESV3.

You can find information about how to handle these issues in the security team's documentation.

Created: 2023-06-10 Last update: 2025-10-27 15:32

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.2 instead of 4.6.1).

Created: 2022-12-17 Last update: 2025-10-19 19:31

news

[rss feed]

[2025-10-24] libpodofo 0.9.8+dfsg-3.3 MIGRATED to testing (Debian testing watch)
[2025-10-19] Accepted libpodofo 0.9.8+dfsg-3.3 (source) into unstable (Philip Rinn)
[2025-01-05] libpodofo 0.9.8+dfsg-3.2 MIGRATED to testing (Debian testing watch)
[2024-12-30] Accepted libpodofo 0.9.8+dfsg-3.2 (source) into unstable (Andreas Metzler)
[2024-05-02] libpodofo 0.9.8+dfsg-3.1 MIGRATED to testing (Debian testing watch)
[2024-02-28] Accepted libpodofo 0.9.8+dfsg-3.1 (source) into unstable (Benjamin Drung)
[2024-02-02] Accepted libpodofo 0.9.8+dfsg-3.1~exp1 (source) into experimental (Steve Langasek)
[2022-08-27] libpodofo 0.9.8+dfsg-3 MIGRATED to testing (Debian testing watch)
[2022-08-21] Accepted libpodofo 0.9.8+dfsg-3 (source) into unstable (Mattia Rizzolo)
[2022-05-11] libpodofo 0.9.8+dfsg-2 MIGRATED to testing (Debian testing watch)
[2022-05-06] Accepted libpodofo 0.9.8+dfsg-2 (source) into unstable (Mattia Rizzolo)
[2022-05-04] Accepted libpodofo 0.9.8+dfsg-1 (source amd64) into experimental, experimental (Debian FTP Masters) (signed by: Mattia Rizzolo)
[2022-01-08] libpodofo 0.9.7+dfsg-3 MIGRATED to testing (Debian testing watch)
[2022-01-02] Accepted libpodofo 0.9.7+dfsg-3 (source) into unstable (Mattia Rizzolo)
[2021-01-18] libpodofo 0.9.7+dfsg-2 MIGRATED to testing (Debian testing watch)
[2021-01-12] Accepted libpodofo 0.9.7+dfsg-2 (source) into unstable (Mattia Rizzolo)
[2021-01-09] Accepted libpodofo 0.9.7+dfsg-1 (source amd64) into experimental, experimental (Debian FTP Masters) (signed by: Mattia Rizzolo)
[2019-04-27] libpodofo 0.9.6+dfsg-5 MIGRATED to testing (Debian testing watch)
[2019-04-21] Accepted libpodofo 0.9.6+dfsg-5 (source) into unstable (Mattia Rizzolo)
[2019-02-22] libpodofo 0.9.6+dfsg-4 MIGRATED to testing (Debian testing watch)
[2019-02-11] Accepted libpodofo 0.9.6+dfsg-4 (source) into unstable (Mattia Rizzolo)
[2018-10-08] libpodofo 0.9.6+dfsg-3 MIGRATED to testing (Debian testing watch)
[2018-10-02] Accepted libpodofo 0.9.6+dfsg-3 (source) into unstable (Mattia Rizzolo)
[2018-09-24] libpodofo 0.9.5-11 MIGRATED to testing (Debian testing watch)
[2018-09-22] Accepted libpodofo 0.9.6+dfsg-2 (source) into experimental (Mattia Rizzolo)
[2018-09-18] Accepted libpodofo 0.9.6+dfsg-1 (source) into experimental (Mattia Rizzolo)
[2018-09-18] Accepted libpodofo 0.9.5-11 (source) into unstable (Mattia Rizzolo)
[2018-09-02] libpodofo 0.9.5-10 MIGRATED to testing (Debian testing watch)
[2018-08-27] Accepted libpodofo 0.9.5-10 (source) into unstable (Mattia Rizzolo)
[2018-05-10] Accepted libpodofo 0.9.6~rc1+dfsg-1 (source amd64) into experimental, experimental (Mattia Rizzolo)

bugs [bug history graph]

all: 6
RC: 0
I&N: 4
M&W: 2
F&P: 0
patch: 1

links

homepage
lintian (0, 5)
buildd: logs, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
debian patches

ubuntu

[Information about Ubuntu for Debian Developers]

version: 0.9.8+dfsg-3.2