Debian Package Tracker
Register | Log in
Subscribe

libyang

Choose email to subscribe with

general
  • source: libyang (main)
  • version: 1.0.225-1.1
  • maintainer: David Lamparter (DMD)
  • uploaders: Ondřej Surý [DMD] – CESNET [DMD]
  • arch: all any
  • std-ver: 4.5.0
  • VCS: Git (Browse)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • oldstable: 0.16.105-1+deb10u1
  • stable: 1.0.225-1.1
versioned links
  • 0.16.105-1+deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.0.225-1.1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • libyang-cpp-dev
  • libyang-cpp1
  • libyang-dev
  • libyang-tools
  • libyang1
  • yang-tools
package is gone
This package is not in any development repository. This probably means that the package has been removed (or has been renamed). Thus the information here is of little interest ... the package is going to disappear unless someone takes it over and reintroduces it.
action needed
Debci reports failed tests high
  • unstable: fail (log)
    The tests ran in 0:00:37
    Last run: 2022-12-17T14:25:37.000Z
    Previous status: fail

  • testing: pass (log)
    The tests ran in 0:00:39
    Last run: 2022-03-01T09:14:46.000Z
    Previous status: pass

  • stable: pass (log)
    The tests ran in 0:00:16
    Last run: 2023-03-26T14:16:36.000Z
    Previous status: pass

Created: 2022-06-29 Last update: 2023-03-27 07:42
5 security issues in sid high

There are 5 open security issues in sid.

5 important issues:
  • CVE-2021-28902: In function read_yin_container() in libyang <= v1.0.225, it doesn't check whether the value of retval->ext[r] is NULL. In some cases, it can be NULL, which leads to the operation of retval->ext[r]->flags that results in a crash.
  • CVE-2021-28903: A stack overflow in libyang <= v1.0.225 can cause a denial of service through function lyxml_parse_mem(). lyxml_parse_elem() function will be called recursively, which will consume stack space and lead to crash.
  • CVE-2021-28904: In function ext_get_plugin() in libyang <= v1.0.225, it doesn't check whether the value of revision is NULL. If revision is NULL, the operation of strcmp(revision, ext_plugins[u].revision) will lead to a crash.
  • CVE-2021-28905: In function lys_node_free() in libyang <= v1.0.225, it asserts that the value of node->module can't be NULL. But in some cases, node->module can be null, which triggers a reachable assertion (CWE-617).
  • CVE-2021-28906: In function read_yin_leaf() in libyang <= v1.0.225, it doesn't check whether the value of retval->ext[r] is NULL. In some cases, it can be NULL, which leads to the operation of retval->ext[r]->flags that results in a crash.
Created: 2022-07-04 Last update: 2022-08-01 13:40
5 low-priority security issues in bullseye low

There are 5 open security issues in bullseye.

5 issues left for the package maintainer to handle:
  • CVE-2021-28902: (needs triaging) In function read_yin_container() in libyang <= v1.0.225, it doesn't check whether the value of retval->ext[r] is NULL. In some cases, it can be NULL, which leads to the operation of retval->ext[r]->flags that results in a crash.
  • CVE-2021-28903: (needs triaging) A stack overflow in libyang <= v1.0.225 can cause a denial of service through function lyxml_parse_mem(). lyxml_parse_elem() function will be called recursively, which will consume stack space and lead to crash.
  • CVE-2021-28904: (needs triaging) In function ext_get_plugin() in libyang <= v1.0.225, it doesn't check whether the value of revision is NULL. If revision is NULL, the operation of strcmp(revision, ext_plugins[u].revision) will lead to a crash.
  • CVE-2021-28905: (needs triaging) In function lys_node_free() in libyang <= v1.0.225, it asserts that the value of node->module can't be NULL. But in some cases, node->module can be null, which triggers a reachable assertion (CWE-617).
  • CVE-2021-28906: (needs triaging) In function read_yin_leaf() in libyang <= v1.0.225, it doesn't check whether the value of retval->ext[r] is NULL. In some cases, it can be NULL, which leads to the operation of retval->ext[r]->flags that results in a crash.

You can find information about how to handle these issues in the security team's documentation.

Created: 2022-07-04 Last update: 2022-12-29 23:43
news
[rss feed]
  • [2022-12-29] Removed 1.0.225-1.1 from unstable (Debian FTP Masters)
  • [2022-03-02] libyang REMOVED from testing (Debian testing watch)
  • [2021-06-30] libyang 1.0.225-1.1 MIGRATED to testing (Debian testing watch)
  • [2021-06-24] Accepted libyang 1.0.225-1.1 (source) into unstable (Sebastian Ramacher)
  • [2021-03-08] Accepted libyang 1.0.225-1 (source) into unstable (Ondřej Surý)
  • [2021-03-04] Accepted libyang 1.0.215-1 (source) into unstable (Ondřej Surý)
  • [2020-09-07] libyang 1.0.184-2 MIGRATED to testing (Debian testing watch)
  • [2020-09-04] Accepted libyang 1.0.184-2 (source) into unstable (Ondřej Surý)
  • [2020-07-21] Accepted libyang 1.0.184-1 (source) into unstable (Ondřej Surý)
  • [2020-07-19] Accepted libyang 1.0.176-3 (source) into unstable (Ondřej Surý)
  • [2020-07-17] Accepted libyang 1.0.176-2 (source amd64 all) into unstable, unstable (Debian FTP Masters) (signed by: Ondřej Surý)
  • [2020-06-10] Accepted libyang 1.0.167-1 (source amd64) into experimental, experimental (Debian FTP Masters) (signed by: Ondřej Surý)
  • [2020-05-19] Accepted libyang 0.16.105-1+deb10u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Ondřej Surý)
  • [2020-02-17] libyang 0.16.105-3 MIGRATED to testing (Debian testing watch)
  • [2020-02-14] Accepted libyang 0.16.105-3 (source) into unstable (David Lamparter) (signed by: Vincent Bernat)
  • [2019-12-26] Accepted libyang 0.16.105-2 (source) into unstable (David Lamparter) (signed by: Vincent Bernat)
  • [2019-09-01] libyang REMOVED from testing (Debian testing watch)
  • [2019-01-26] libyang 0.16.105-1 MIGRATED to testing (Debian testing watch)
  • [2019-01-23] Accepted libyang 0.16.105-1 (source) into unstable (David Lamparter) (signed by: Vincent Bernat)
  • [2018-12-09] libyang 0.16.52-2 MIGRATED to testing (Debian testing watch)
  • [2018-12-06] Accepted libyang 0.16.52-2 (source) into unstable (David Lamparter) (signed by: Vincent Bernat)
  • [2018-12-05] Accepted libyang 0.16.52-1 (source amd64) into unstable, unstable (David Lamparter) (signed by: Vincent Bernat)
bugs [bug history graph]
  • all: 0
links
  • homepage
  • buildd: logs, cross
  • popcon
  • browse source code
  • edit tags
  • other distros
  • security tracker
  • debci

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.
Documentation — Bugs — Git Repository — Contributing