libsepol - Debian Package Tracker

general

source: libsepol (main)
version: 3.1-1
maintainer: Debian SELinux maintainers (archive) (DMD)
uploaders: Laurent Bigonville [DMD] – Russell Coker [DMD]
std-ver: 4.5.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 2.6-2
oldstable: 2.8-1
stable: 3.1-1
testing: 3.1-1
unstable: 3.1-1
exp: 3.2-1

versioned links

2.6-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.8-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.2-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libsepol1 (1 bugs: 0, 1, 0, 0)
libsepol1-dev
sepol-utils

action needed

4 security issues in sid high

There are 4 open security issues in sid.

4 important issues:

CVE-2021-36084: The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_verify_classpermission and __cil_pre_verify_helper).
CVE-2021-36085: The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __verify_map_perm_classperms and hashtab_map).
CVE-2021-36086: The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list).
CVE-2021-36087: The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). This occurs because there is sometimes a lack of checks for invalid statements in an optional block.

Created: 2021-07-01 Last update: 2021-08-15 00:00

4 security issues in bookworm high

There are 4 open security issues in bookworm.

4 important issues:

CVE-2021-36084: The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_verify_classpermission and __cil_pre_verify_helper).
CVE-2021-36085: The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __verify_map_perm_classperms and hashtab_map).
CVE-2021-36086: The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list).
CVE-2021-36087: The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). This occurs because there is sometimes a lack of checks for invalid statements in an optional block.

Created: 2021-08-15 Last update: 2021-08-15 00:00

1 new commit since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit 03e55e52938a4f8030f8754a9a41c1f4789ac2c3
Author: Laurent Bigonville <bigon@debian.org>
Date:   Sat Apr 24 13:04:08 2021 +0200

    debian/libsepol2.symbols: Fix the name of the -dev package, ouupsie

Created: 2021-02-08 Last update: 2021-09-11 03:06

lintian reports 2 warnings normal

Lintian reports 2 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2020-07-29 Last update: 2021-05-27 22:05

4 low-priority security issues in buster low

There are 4 open security issues in buster.

4 issues left for the package maintainer to handle:

CVE-2021-36084: (needs triaging) The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_verify_classpermission and __cil_pre_verify_helper).
CVE-2021-36085: (needs triaging) The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __verify_map_perm_classperms and hashtab_map).
CVE-2021-36086: (needs triaging) The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list).
CVE-2021-36087: (needs triaging) The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). This occurs because there is sometimes a lack of checks for invalid statements in an optional block.

You can find information about how to handle these issues in the security team's documentation.

Created: 2021-07-01 Last update: 2021-08-15 00:00

4 low-priority security issues in bullseye low

There are 4 open security issues in bullseye.

4 issues left for the package maintainer to handle:

CVE-2021-36084: (needs triaging) The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_verify_classpermission and __cil_pre_verify_helper).
CVE-2021-36085: (needs triaging) The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __verify_map_perm_classperms and hashtab_map).
CVE-2021-36086: (needs triaging) The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list).
CVE-2021-36087: (needs triaging) The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). This occurs because there is sometimes a lack of checks for invalid statements in an optional block.

You can find information about how to handle these issues in the security team's documentation.

Created: 2021-08-14 Last update: 2021-08-15 00:00

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.0 instead of 4.5.0).

Created: 2020-11-17 Last update: 2021-08-18 14:02

testing migrations

This package will soon be part of the auto-libsepol transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.

news

[rss feed]

[2021-05-04] Accepted libsepol 3.2-1 (source amd64) into experimental, experimental (Debian FTP Masters) (signed by: Laurent Bigonville)
[2020-07-21] libsepol 3.1-1 MIGRATED to testing (Debian testing watch)
[2020-07-14] Accepted libsepol 3.1-1 (source) into unstable (Laurent Bigonville)
[2020-05-23] Accepted libsepol 3.1~rc1-1 (source) into experimental (Laurent Bigonville)
[2019-12-16] libsepol 3.0-1 MIGRATED to testing (Debian testing watch)
[2019-12-10] Accepted libsepol 3.0-1 (source) into unstable (Laurent Bigonville)
[2019-08-08] libsepol 2.9-2 MIGRATED to testing (Debian testing watch)
[2019-07-07] Accepted libsepol 2.9-2 (source amd64) into unstable (Laurent Bigonville)
[2019-03-17] Accepted libsepol 2.9-1 (source amd64) into experimental (Laurent Bigonville)
[2018-06-02] libsepol 2.8-1 MIGRATED to testing (Debian testing watch)
[2018-05-28] Accepted libsepol 2.8-1 (source amd64) into unstable (Laurent Bigonville)
[2018-05-24] libsepol 2.7-2 MIGRATED to testing (Debian testing watch)
[2018-05-19] Accepted libsepol 2.7-2 (source amd64) into unstable (Russell Coker)
[2017-09-15] libsepol 2.7-1 MIGRATED to testing (Debian testing watch)
[2017-09-09] Accepted libsepol 2.7-1 (source amd64) into unstable (Laurent Bigonville)
[2017-06-20] Accepted libsepol 2.7~rc2-1 (source amd64) into experimental (Laurent Bigonville)
[2016-12-15] libsepol 2.6-2 MIGRATED to testing (Debian testing watch)
[2016-12-03] Accepted libsepol 2.6-2 (source amd64) into unstable (Laurent Bigonville)
[2016-11-02] libsepol 2.6-1 MIGRATED to testing (Debian testing watch)
[2016-10-27] Accepted libsepol 2.6-1 (source amd64) into unstable (Laurent Bigonville)
[2016-04-30] libsepol 2.5-1 MIGRATED to testing (Debian testing watch)
[2016-04-24] Accepted libsepol 2.5-1 (source amd64) into unstable (Laurent Bigonville)
[2015-11-24] libsepol 2.4-2 MIGRATED to testing (Britney)
[2015-11-18] Accepted libsepol 2.4-2 (source amd64) into unstable (Laurent Bigonville)
[2015-06-02] Accepted libsepol 2.4-1 (source amd64) into experimental (Laurent Bigonville)
[2014-09-06] libsepol 2.3-2 MIGRATED to testing (Britney)
[2014-08-31] Accepted libsepol 2.3-2 (source amd64) into unstable (Laurent Bigonville)
[2014-05-19] libsepol 2.3-1 MIGRATED to testing (Debian testing watch)
[2014-05-13] Accepted libsepol 2.3-1 (source amd64) (Laurent Bigonville)
[2013-11-12] libsepol 2.2-1 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 3
RC: 1
I&N: 2
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (0, 2)
buildd: logs, exp, clang, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 3.1-1ubuntu1
patches for 3.1-1ubuntu1