Debian Package Tracker

general

source: libtomcrypt (main)
version: 1.18.2-4
maintainer: Nicolas Mora (DMD)
arch: any
std-ver: 4.5.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.17-6
o-o-sec: 1.17-6+deb8u1
oldstable: 1.17-9
stable: 1.18.2-1
testing: 1.18.2-4
unstable: 1.18.2-4

versioned links

1.17-6: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.17-6+deb8u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.17-9: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.18.2-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.18.2-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libtomcrypt-dev
libtomcrypt1

action needed

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 1.18.2-5, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit fd599f50eda3cbbbeebbb04afb6406287e21db33
Merge: 8de0cf3 00db4eb
Author: Nicolas Mora <babelouest@debian.org>
Date:   Fri Oct 16 00:51:18 2020 +0000

    Merge branch 'lintian-fixes' into 'master'
    
    Fix some issues reported by lintian
    
    See merge request debian/libtomcrypt!1

commit 00db4eb9f65ab70c9145c9ab62e5999ae7f7d394
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Fri Sep 4 06:27:01 2020 +0000

    Remove obsolete fields Contact, Name from debian/upstream/metadata (already present in machine-readable debian/copyright).
    
    Changes-By: lintian-brush

commit 264ffff5e2e31245bbd9ad8dc05c41d3b27db666
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Fri Sep 4 06:26:11 2020 +0000

    Set field Upstream-Contact in debian/copyright.
    
    Changes-By: lintian-brush

commit 831458d06c628227fe60e0d11b1a47ba2087a612
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Fri Sep 4 06:25:22 2020 +0000

    Set debhelper-compat version in Build-Depends.
    
    Changes-By: lintian-brush
    Fixes: lintian: uses-debhelper-compat-file
    See-also: https://lintian.debian.org/tags/uses-debhelper-compat-file.html

commit 8de0cf3da4fcea64de94b5d0692d42d4b45fd917
Author: Nicolas Mora <nicolas@babelouest.org>
Date:   Thu May 21 22:29:56 2020 -0400

    Add build-reproductible.patch

commit fe04ddd7587a41f941e3fa9365e87f0172caf834
Author: Nicolas Mora <nicolas@babelouest.org>
Date:   Thu Mar 5 14:29:13 2020 -0500

    Upgrade to 1.18.2-3

commit b3f32fa811f3ec6427460a5e7afea9f4c6a210e0
Author: Nicolas Mora <nicolas@babelouest.org>
Date:   Sun Feb 23 09:42:14 2020 -0500

    Upgrade to 1.18.2-2

commit 51605fed5d5fc1fdeebc7e25c030f283f38f2833
Author: Ondřej Nový <onovy@debian.org>
Date:   Mon Oct 1 09:39:19 2018 +0200

    d/control: Set Vcs-* to salsa.debian.org

Created: 2018-05-31 Last update: 2020-10-29 10:05

Depends on packages which need a new maintainer normal

The packages that libtomcrypt depends on which need a new maintainer are:

dh-exec (#851746)
- Build-Depends: dh-exec

Created: 2019-11-22 Last update: 2020-10-29 08:36

lintian reports 1 warning normal

Lintian reports 1 warning about this package. You should make the package lintian clean getting rid of them.

Created: 2020-07-29 Last update: 2020-07-29 12:32

3 ignored security issues in stretch low

There are 3 open security issues in stretch.

3 issues skipped by the security teams:

CVE-2018-0739: Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).
CVE-2018-12437: LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.
CVE-2019-17362: In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read information from other memory locations via carefully crafted DER-encoded data.

Please fix them.

Created: 2018-06-15 Last update: 2020-08-07 06:08

1 ignored security issue in buster low

There is 1 open security issue in buster.

1 issue skipped by the security teams:

CVE-2019-17362: In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read information from other memory locations via carefully crafted DER-encoded data.

Please fix it.

Created: 2019-10-09 Last update: 2020-08-07 06:08

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2019-07-15 Last update: 2019-07-15 08:20

news

[rss feed]

[2020-05-28] libtomcrypt 1.18.2-4 MIGRATED to testing (Debian testing watch)
[2020-05-26] Accepted libtomcrypt 1.18.2-4 (source) into unstable (Nicolas Mora)
[2020-03-06] libtomcrypt 1.18.2-3 MIGRATED to testing (Debian testing watch)
[2020-03-04] Accepted libtomcrypt 1.18.2-3 (source) into unstable (Nicolas Mora)
[2019-10-09] Accepted libtomcrypt 1.17-6+deb8u1 (source amd64) into oldoldstable (Chris Lamb)
[2019-07-17] libtomcrypt 1.18.2-2 MIGRATED to testing (Debian testing watch)
[2019-07-14] Accepted libtomcrypt 1.18.2-2 (source) into unstable (Nicolas Mora) (signed by: Thorsten Alteholz)
[2018-07-17] libtomcrypt 1.18.2-1 MIGRATED to testing (Debian testing watch)
[2018-07-11] Accepted libtomcrypt 1.18.2-1 (source) into unstable (Michael Stapelberg)
[2018-01-27] libtomcrypt 1.18.1-1 MIGRATED to testing (Debian testing watch)
[2018-01-22] Accepted libtomcrypt 1.18.1-1 (source) into unstable (Michael Stapelberg)
[2017-10-21] libtomcrypt 1.18.0-1 MIGRATED to testing (Debian testing watch)
[2017-10-16] Accepted libtomcrypt 1.18.0-1 (source amd64) into unstable, unstable (Michael Stapelberg)
[2016-12-29] libtomcrypt 1.17-9 MIGRATED to testing (Debian testing watch)
[2016-12-18] Accepted libtomcrypt 1.17-9 (source) into unstable (Michael Stapelberg)
[2016-09-16] libtomcrypt 1.17-8 MIGRATED to testing (Debian testing watch)
[2016-09-13] Accepted libtomcrypt 1.17-8 (source amd64) into unstable (Michael Stapelberg)
[2016-09-06] Accepted libtomcrypt 1.17-3.2+deb7u1 (source amd64) into oldstable (Jonas Meurer)
[2015-07-04] libtomcrypt 1.17-7 MIGRATED to testing (Britney)
[2015-06-28] Accepted libtomcrypt 1.17-7 (source amd64) into unstable (Michael Stapelberg)
[2014-10-05] libtomcrypt 1.17-6 MIGRATED to testing (Britney)
[2014-09-29] Accepted libtomcrypt 1.17-6 (source amd64) into unstable (Michael Stapelberg)
[2014-01-15] libtomcrypt 1.17-5 MIGRATED to testing (Debian testing watch)
[2014-01-04] Accepted libtomcrypt 1.17-5 (source amd64) (Michael Stapelberg)
[2014-01-02] Accepted libtomcrypt 1.17-4 (source amd64) (Michael Stapelberg)
[2011-07-12] libtomcrypt 1.17-3.2 MIGRATED to testing (Debian testing watch)
[2011-07-01] Accepted libtomcrypt 1.17-3.2 (source i386) (Luk Claes)
[2011-03-29] libtomcrypt 1.17-3.1 MIGRATED to testing (Debian testing watch)
[2011-03-18] Accepted libtomcrypt 1.17-3.1 (source amd64) (Steve M. Robbins) (signed by: Steven M. Robbins)
[2011-02-06] libtomcrypt 1.17-3 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 1
RC: 0
I&N: 1
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (0, 1)
buildd: logs, checks, clang, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.18.2-4
1 bug