Register | Log in

libyang

Choose email to subscribe with

general

source: libyang (main)
version: 1.0.225-1.1
maintainer: David Lamparter (DMD)
uploaders: Ondřej Surý [DMD] – CESNET [DMD]
arch: all any
std-ver: 4.5.0
VCS: Git (Browse)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 0.16.105-1+deb10u1
stable: 1.0.225-1.1

versioned links

0.16.105-1+deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.0.225-1.1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libyang-cpp-dev
libyang-cpp1
libyang-dev
libyang-tools
libyang1
yang-tools

package is gone

This package is not in any development repository. This probably means that the package has been removed (or has been renamed). Thus the information here is of little interest ... the package is going to disappear unless someone takes it over and reintroduces it.

action needed

Debci reports failed tests high

unstable: fail (log)
The tests ran in 0:00:37
Last run: 2022-12-17T14:25:37.000Z
Previous status: fail

testing: pass (log)
The tests ran in 0:00:39
Last run: 2022-03-01T09:14:46.000Z
Previous status: pass

stable: pass (log)
The tests ran in 0:00:18
Last run: 2023-05-26T18:15:58.000Z
Previous status: pass

Created: 2022-06-29 Last update: 2023-06-07 17:13

5 security issues in sid high

There are 5 open security issues in sid.

5 important issues:

CVE-2021-28902: In function read_yin_container() in libyang <= v1.0.225, it doesn't check whether the value of retval->ext[r] is NULL. In some cases, it can be NULL, which leads to the operation of retval->ext[r]->flags that results in a crash.
CVE-2021-28903: A stack overflow in libyang <= v1.0.225 can cause a denial of service through function lyxml_parse_mem(). lyxml_parse_elem() function will be called recursively, which will consume stack space and lead to crash.
CVE-2021-28904: In function ext_get_plugin() in libyang <= v1.0.225, it doesn't check whether the value of revision is NULL. If revision is NULL, the operation of strcmp(revision, ext_plugins[u].revision) will lead to a crash.
CVE-2021-28905: In function lys_node_free() in libyang <= v1.0.225, it asserts that the value of node->module can't be NULL. But in some cases, node->module can be null, which triggers a reachable assertion (CWE-617).
CVE-2021-28906: In function read_yin_leaf() in libyang <= v1.0.225, it doesn't check whether the value of retval->ext[r] is NULL. In some cases, it can be NULL, which leads to the operation of retval->ext[r]->flags that results in a crash.

Created: 2022-07-04 Last update: 2022-08-01 13:40

5 low-priority security issues in bullseye low

There are 5 open security issues in bullseye.

5 issues left for the package maintainer to handle:

CVE-2021-28902: (needs triaging) In function read_yin_container() in libyang <= v1.0.225, it doesn't check whether the value of retval->ext[r] is NULL. In some cases, it can be NULL, which leads to the operation of retval->ext[r]->flags that results in a crash.
CVE-2021-28903: (needs triaging) A stack overflow in libyang <= v1.0.225 can cause a denial of service through function lyxml_parse_mem(). lyxml_parse_elem() function will be called recursively, which will consume stack space and lead to crash.
CVE-2021-28904: (needs triaging) In function ext_get_plugin() in libyang <= v1.0.225, it doesn't check whether the value of revision is NULL. If revision is NULL, the operation of strcmp(revision, ext_plugins[u].revision) will lead to a crash.
CVE-2021-28905: (needs triaging) In function lys_node_free() in libyang <= v1.0.225, it asserts that the value of node->module can't be NULL. But in some cases, node->module can be null, which triggers a reachable assertion (CWE-617).
CVE-2021-28906: (needs triaging) In function read_yin_leaf() in libyang <= v1.0.225, it doesn't check whether the value of retval->ext[r] is NULL. In some cases, it can be NULL, which leads to the operation of retval->ext[r]->flags that results in a crash.

You can find information about how to handle these issues in the security team's documentation.

Created: 2022-07-04 Last update: 2023-03-27 11:06

news

[2022-12-29] Removed 1.0.225-1.1 from unstable (Debian FTP Masters)
[2022-03-02] libyang REMOVED from testing (Debian testing watch)
[2021-06-30] libyang 1.0.225-1.1 MIGRATED to testing (Debian testing watch)
[2021-06-24] Accepted libyang 1.0.225-1.1 (source) into unstable (Sebastian Ramacher)
[2021-03-08] Accepted libyang 1.0.225-1 (source) into unstable (Ondřej Surý)
[2021-03-04] Accepted libyang 1.0.215-1 (source) into unstable (Ondřej Surý)
[2020-09-07] libyang 1.0.184-2 MIGRATED to testing (Debian testing watch)
[2020-09-04] Accepted libyang 1.0.184-2 (source) into unstable (Ondřej Surý)
[2020-07-21] Accepted libyang 1.0.184-1 (source) into unstable (Ondřej Surý)
[2020-07-19] Accepted libyang 1.0.176-3 (source) into unstable (Ondřej Surý)
[2020-07-17] Accepted libyang 1.0.176-2 (source amd64 all) into unstable, unstable (Debian FTP Masters) (signed by: Ondřej Surý)
[2020-06-10] Accepted libyang 1.0.167-1 (source amd64) into experimental, experimental (Debian FTP Masters) (signed by: Ondřej Surý)
[2020-05-19] Accepted libyang 0.16.105-1+deb10u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Ondřej Surý)
[2020-02-17] libyang 0.16.105-3 MIGRATED to testing (Debian testing watch)
[2020-02-14] Accepted libyang 0.16.105-3 (source) into unstable (David Lamparter) (signed by: Vincent Bernat)
[2019-12-26] Accepted libyang 0.16.105-2 (source) into unstable (David Lamparter) (signed by: Vincent Bernat)
[2019-09-01] libyang REMOVED from testing (Debian testing watch)
[2019-01-26] libyang 0.16.105-1 MIGRATED to testing (Debian testing watch)
[2019-01-23] Accepted libyang 0.16.105-1 (source) into unstable (David Lamparter) (signed by: Vincent Bernat)
[2018-12-09] libyang 0.16.52-2 MIGRATED to testing (Debian testing watch)
[2018-12-06] Accepted libyang 0.16.52-2 (source) into unstable (David Lamparter) (signed by: Vincent Bernat)
[2018-12-05] Accepted libyang 0.16.52-1 (source amd64) into unstable, unstable (David Lamparter) (signed by: Vincent Bernat)

bugs [bug history graph]

all: 0

links

homepage
buildd: logs, cross
popcon
browse source code
edit tags
other distros
security tracker
debci

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing