Register | Log in

libsolv

Choose email to subscribe with

general

source: libsolv (main)
version: 0.7.37-1
maintainer: RPM packaging team (DMD)
uploaders: Mike Gabriel [DMD] – Luca Boccassi [DMD]
arch: all any
std-ver: 4.7.4
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 0.7.17-1+deb11u1
oldstable: 0.7.23-1+deb12u1
stable: 0.7.32-1
testing: 0.7.37-1
unstable: 0.7.37-1

versioned links

0.7.17-1+deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.7.23-1+deb12u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.7.32-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.7.37-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libsolv-dev
libsolv-doc
libsolv-perl
libsolv-tools
libsolv1
libsolvext-dev
libsolvext1
python3-solv

action needed

2 security issues in trixie high

There are 2 open security issues in trixie.

2 important issues:

CVE-2026-9149: A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted `.solv` file containing negative size values in the `repo_add_solv` function. This leads to an undersized memory allocation and a subsequent out-of-bounds write. An attacker could exploit this to cause a denial of service (DoS).
CVE-2026-9150: A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian repository metadata. An attacker could exploit this by providing malicious SHA384 or SHA512 checksum tags, leading to memory corruption and a denial of service (DoS) in the affected system.

Created: 2026-05-21 Last update: 2026-05-21 22:02

2 security issues in bullseye high

There are 2 open security issues in bullseye.

2 important issues:

CVE-2026-9149: A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted `.solv` file containing negative size values in the `repo_add_solv` function. This leads to an undersized memory allocation and a subsequent out-of-bounds write. An attacker could exploit this to cause a denial of service (DoS).
CVE-2026-9150: A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian repository metadata. An attacker could exploit this by providing malicious SHA384 or SHA512 checksum tags, leading to memory corruption and a denial of service (DoS) in the affected system.

Created: 2026-05-21 Last update: 2026-05-21 22:02

2 security issues in bookworm high

There are 2 open security issues in bookworm.

2 important issues:

CVE-2026-9149: A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted `.solv` file containing negative size values in the `repo_add_solv` function. This leads to an undersized memory allocation and a subsequent out-of-bounds write. An attacker could exploit this to cause a denial of service (DoS).
CVE-2026-9150: A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian repository metadata. An attacker could exploit this by providing malicious SHA384 or SHA512 checksum tags, leading to memory corruption and a denial of service (DoS) in the affected system.

Created: 2026-05-21 Last update: 2026-05-21 22:02

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2026-9149: A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted `.solv` file containing negative size values in the `repo_add_solv` function. This leads to an undersized memory allocation and a subsequent out-of-bounds write. An attacker could exploit this to cause a denial of service (DoS).

Created: 2026-05-21 Last update: 2026-05-21 22:02

1 security issue in forky high

There is 1 open security issue in forky.

1 important issue:

CVE-2026-9149: A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted `.solv` file containing negative size values in the `repo_add_solv` function. This leads to an undersized memory allocation and a subsequent out-of-bounds write. An attacker could exploit this to cause a denial of service (DoS).

Created: 2026-05-21 Last update: 2026-05-21 22:02

news

[2026-04-30] libsolv 0.7.37-1 MIGRATED to testing (Debian testing watch)
[2026-04-24] Accepted libsolv 0.7.37-1 (source) into unstable (Luca Boccassi)
[2026-03-21] libsolv 0.7.36-1 MIGRATED to testing (Debian testing watch)
[2026-03-15] Accepted libsolv 0.7.36-1 (source) into unstable (Luca Boccassi)
[2025-08-16] libsolv 0.7.35-1 MIGRATED to testing (Debian testing watch)
[2025-08-10] Accepted libsolv 0.7.35-1 (source) into unstable (Luca Boccassi)
[2025-04-12] libsolv 0.7.32-1 MIGRATED to testing (Debian testing watch)
[2025-04-06] Accepted libsolv 0.7.32-1 (source) into unstable (Luca Boccassi)
[2024-11-19] libsolv 0.7.31-1 MIGRATED to testing (Debian testing watch)
[2024-11-13] Accepted libsolv 0.7.31-1 (source) into unstable (Luca Boccassi)
[2024-10-13] libsolv 0.7.30-2 MIGRATED to testing (Debian testing watch)
[2024-10-07] Accepted libsolv 0.7.30-2 (source) into unstable (Luca Boccassi)
[2024-07-19] libsolv 0.7.30-1 MIGRATED to testing (Debian testing watch)
[2024-07-14] Accepted libsolv 0.7.30-1 (source) into unstable (Luca Boccassi)
[2024-05-09] libsolv 0.7.29-1 MIGRATED to testing (Debian testing watch)
[2024-05-03] Accepted libsolv 0.7.29-1 (source) into unstable (Luca Boccassi)
[2024-02-06] libsolv 0.7.28-1 MIGRATED to testing (Debian testing watch)
[2024-02-02] Accepted libsolv 0.7.28-1.1~exp1 (source) into experimental (Steve Langasek)
[2024-01-29] Accepted libsolv 0.7.28-1 (source) into unstable (Luca Boccassi)
[2023-12-18] Accepted libsolv 0.7.17-1+deb11u1 (source) into oldstable-proposed-updates (Debian FTP Masters) (signed by: Luca Boccassi)
[2023-12-12] libsolv 0.7.27-2 MIGRATED to testing (Debian testing watch)
[2023-12-07] Accepted libsolv 0.7.27-2 (source) into unstable (Luca Boccassi)
[2023-12-01] libsolv 0.7.27-1 MIGRATED to testing (Debian testing watch)
[2023-11-26] Accepted libsolv 0.7.27-1 (source) into unstable (Luca Boccassi)
[2023-11-24] Accepted libsolv 0.7.23-1+deb12u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Luca Boccassi)
[2023-11-21] libsolv 0.7.26-2 MIGRATED to testing (Debian testing watch)
[2023-11-15] Accepted libsolv 0.7.26-2 (source) into unstable (Luca Boccassi)
[2023-11-11] Accepted libsolv 0.7.26-1 (source) into unstable (Luca Boccassi)
[2023-09-22] libsolv 0.7.25-1 MIGRATED to testing (Debian testing watch)
[2023-09-16] Accepted libsolv 0.7.25-1 (source) into unstable (Luca Boccassi)

1
2

bugs [bug history graph]

all: 0

links

homepage
lintian
buildd: logs, reproducibility, cross
popcon
browse source code
other distros
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 0.7.35-1build1

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing