Register | Log in

libsolv

Choose email to subscribe with

general

source: libsolv (main)
version: 0.7.39-1
maintainer: RPM packaging team (DMD)
uploaders: Mike Gabriel [DMD] – Luca Boccassi [DMD]
arch: all any
std-ver: 4.7.4
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 0.7.17-1+deb11u1
oldstable: 0.7.23-1+deb12u1
stable: 0.7.32-1
testing: 0.7.39-1
unstable: 0.7.39-1

versioned links

0.7.17-1+deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.7.23-1+deb12u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.7.32-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.7.39-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libsolv-dev
libsolv-doc
libsolv-perl
libsolv-tools
libsolv1
libsolvext-dev
libsolvext1
python3-solv

action needed

3 low-priority security issues in trixie low

There are 3 open security issues in trixie.

3 issues left for the package maintainer to handle:

CVE-2026-9149: (needs triaging) A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted `.solv` file containing negative size values in the `repo_add_solv` function. This leads to an undersized memory allocation and a subsequent out-of-bounds write. An attacker could exploit this to cause a denial of service (DoS).
CVE-2026-9150: (needs triaging) A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian repository metadata. An attacker could exploit this by providing malicious SHA384 or SHA512 checksum tags, leading to memory corruption and a denial of service (DoS) in the affected system.
CVE-2026-48863: (needs triaging)

You can find information about how to handle these issues in the security team's documentation.

Created: 2026-05-21 Last update: 2026-06-06 03:48

3 low-priority security issues in bookworm low

There are 3 open security issues in bookworm.

3 issues left for the package maintainer to handle:

CVE-2026-9149: (needs triaging) A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted `.solv` file containing negative size values in the `repo_add_solv` function. This leads to an undersized memory allocation and a subsequent out-of-bounds write. An attacker could exploit this to cause a denial of service (DoS).
CVE-2026-9150: (needs triaging) A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian repository metadata. An attacker could exploit this by providing malicious SHA384 or SHA512 checksum tags, leading to memory corruption and a denial of service (DoS) in the affected system.
CVE-2026-48863: (needs triaging)

You can find information about how to handle these issues in the security team's documentation.

Created: 2026-05-21 Last update: 2026-06-06 03:48

news

[2026-06-06] libsolv 0.7.39-1 MIGRATED to testing (Debian testing watch)
[2026-05-31] Accepted libsolv 0.7.39-1 (source) into unstable (Luca Boccassi)
[2026-05-27] Accepted libsolv 0.7.38-1 (source) into unstable (Luca Boccassi)
[2026-04-30] libsolv 0.7.37-1 MIGRATED to testing (Debian testing watch)
[2026-04-24] Accepted libsolv 0.7.37-1 (source) into unstable (Luca Boccassi)
[2026-03-21] libsolv 0.7.36-1 MIGRATED to testing (Debian testing watch)
[2026-03-15] Accepted libsolv 0.7.36-1 (source) into unstable (Luca Boccassi)
[2025-08-16] libsolv 0.7.35-1 MIGRATED to testing (Debian testing watch)
[2025-08-10] Accepted libsolv 0.7.35-1 (source) into unstable (Luca Boccassi)
[2025-04-12] libsolv 0.7.32-1 MIGRATED to testing (Debian testing watch)
[2025-04-06] Accepted libsolv 0.7.32-1 (source) into unstable (Luca Boccassi)
[2024-11-19] libsolv 0.7.31-1 MIGRATED to testing (Debian testing watch)
[2024-11-13] Accepted libsolv 0.7.31-1 (source) into unstable (Luca Boccassi)
[2024-10-13] libsolv 0.7.30-2 MIGRATED to testing (Debian testing watch)
[2024-10-07] Accepted libsolv 0.7.30-2 (source) into unstable (Luca Boccassi)
[2024-07-19] libsolv 0.7.30-1 MIGRATED to testing (Debian testing watch)
[2024-07-14] Accepted libsolv 0.7.30-1 (source) into unstable (Luca Boccassi)
[2024-05-09] libsolv 0.7.29-1 MIGRATED to testing (Debian testing watch)
[2024-05-03] Accepted libsolv 0.7.29-1 (source) into unstable (Luca Boccassi)
[2024-02-06] libsolv 0.7.28-1 MIGRATED to testing (Debian testing watch)
[2024-02-02] Accepted libsolv 0.7.28-1.1~exp1 (source) into experimental (Steve Langasek)
[2024-01-29] Accepted libsolv 0.7.28-1 (source) into unstable (Luca Boccassi)
[2023-12-18] Accepted libsolv 0.7.17-1+deb11u1 (source) into oldstable-proposed-updates (Debian FTP Masters) (signed by: Luca Boccassi)
[2023-12-12] libsolv 0.7.27-2 MIGRATED to testing (Debian testing watch)
[2023-12-07] Accepted libsolv 0.7.27-2 (source) into unstable (Luca Boccassi)
[2023-12-01] libsolv 0.7.27-1 MIGRATED to testing (Debian testing watch)
[2023-11-26] Accepted libsolv 0.7.27-1 (source) into unstable (Luca Boccassi)
[2023-11-24] Accepted libsolv 0.7.23-1+deb12u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Luca Boccassi)
[2023-11-21] libsolv 0.7.26-2 MIGRATED to testing (Debian testing watch)
[2023-11-15] Accepted libsolv 0.7.26-2 (source) into unstable (Luca Boccassi)

1
2

bugs [bug history graph]

all: 0

links

homepage
lintian
buildd: logs, reproducibility, cross
popcon
browse source code
other distros
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 0.7.39-1

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing