Debian Package Tracker
Register | Log in
Subscribe

libzypp

Choose email to subscribe with

general
  • source: libzypp (main)
  • version: 17.38.14-1
  • maintainer: RPM packaging team (DMD)
  • uploaders: Mike Gabriel [DMD] – Luca Boccassi [DMD]
  • arch: all any
  • std-ver: 4.7.4
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 17.25.7-1
  • oldstable: 17.25.7-2.4
  • stable: 17.36.7-1
  • testing: 17.38.14-1
  • unstable: 17.38.14-1
versioned links
  • 17.25.7-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 17.25.7-2.4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 17.36.7-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 17.38.14-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • libzypp-bin
  • libzypp-common
  • libzypp-config
  • libzypp-dev
  • libzypp-doc
  • libzypp1735
action needed
2 security issues in bullseye high

There are 2 open security issues in bullseye.

2 important issues:
  • CVE-2026-25707: A relative path traversal bug problem when processing repository metadata in libzypp before 17.38.10 could be used by remote attackers supplying repositories to overwrite files on the system, leading to denial of service or privilege escalation.
  • CVE-2026-44942: A path traversal in handling the "path" component of .repo files processed by libzypp before 17.38.13 in the 17.x series, or before 16.22.19 could be used by attackers to fill directories on the system outside of the zypp cache with content.
Created: 2026-06-19 Last update: 2026-06-30 10:02
2 security issues in bookworm high

There are 2 open security issues in bookworm.

2 important issues:
  • CVE-2026-25707: A relative path traversal bug problem when processing repository metadata in libzypp before 17.38.10 could be used by remote attackers supplying repositories to overwrite files on the system, leading to denial of service or privilege escalation.
  • CVE-2026-44942: A path traversal in handling the "path" component of .repo files processed by libzypp before 17.38.13 in the 17.x series, or before 16.22.19 could be used by attackers to fill directories on the system outside of the zypp cache with content.
Created: 2026-06-19 Last update: 2026-06-30 10:02
Does not build reproducibly during testing normal
A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!
Created: 2026-06-06 Last update: 2026-07-01 18:30
lintian reports 26 warnings normal
Lintian reports 26 warnings about this package. You should make the package lintian clean getting rid of them.
Created: 2026-06-23 Last update: 2026-06-23 06:47
2 low-priority security issues in trixie low

There are 2 open security issues in trixie.

2 issues left for the package maintainer to handle:
  • CVE-2026-25707: (needs triaging) A relative path traversal bug problem when processing repository metadata in libzypp before 17.38.10 could be used by remote attackers supplying repositories to overwrite files on the system, leading to denial of service or privilege escalation.
  • CVE-2026-44942: (needs triaging) A path traversal in handling the "path" component of .repo files processed by libzypp before 17.38.13 in the 17.x series, or before 16.22.19 could be used by attackers to fill directories on the system outside of the zypp cache with content.

You can find information about how to handle these issues in the security team's documentation.

Created: 2026-06-19 Last update: 2026-06-30 10:02
Issues found with some translations low

Automatic checks made by the Debian l10n team found some issues with the translations contained in this package. You should check the l10n status report for more information.

Issues can be things such as missing translations, problematic translated strings, outdated PO files, unknown languages, etc.

Created: 2026-01-23 Last update: 2026-01-23 10:01
testing migrations
  • This package will soon be part of the auto-yaml-cpp transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
  • This package will soon be part of the auto-openssl transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
news
[rss feed]
  • [2026-06-28] libzypp 17.38.14-1 MIGRATED to testing (Debian testing watch)
  • [2026-06-22] Accepted libzypp 17.38.14-1 (source) into unstable (Luca Boccassi)
  • [2026-06-18] libzypp 17.38.13-1 MIGRATED to testing (Debian testing watch)
  • [2026-06-13] libzypp 17.38.12-1 MIGRATED to testing (Debian testing watch)
  • [2026-06-12] Accepted libzypp 17.38.13-1 (source) into unstable (Luca Boccassi)
  • [2026-06-07] Accepted libzypp 17.38.12-1 (source) into unstable (Luca Boccassi)
  • [2026-06-05] libzypp 17.38.11-1 MIGRATED to testing (Debian testing watch)
  • [2026-05-30] Accepted libzypp 17.38.11-1 (source) into unstable (Luca Boccassi)
  • [2026-05-28] libzypp 17.38.9-1 MIGRATED to testing (Debian testing watch)
  • [2026-05-22] Accepted libzypp 17.38.9-1 (source) into unstable (Luca Boccassi)
  • [2026-05-20] libzypp 17.38.8-1 MIGRATED to testing (Debian testing watch)
  • [2026-05-13] Accepted libzypp 17.38.8-1 (source) into unstable (Luca Boccassi)
  • [2026-05-07] libzypp 17.38.7-1 MIGRATED to testing (Debian testing watch)
  • [2026-05-01] Accepted libzypp 17.38.7-1 (source) into unstable (Luca Boccassi)
  • [2026-04-28] libzypp 17.38.6-1 MIGRATED to testing (Debian testing watch)
  • [2026-04-22] Accepted libzypp 17.38.6-1 (source) into unstable (Luca Boccassi)
  • [2026-03-26] libzypp 17.38.5-1 MIGRATED to testing (Debian testing watch)
  • [2026-03-20] Accepted libzypp 17.38.5-1 (source) into unstable (Luca Boccassi)
  • [2026-03-20] libzypp 17.38.4-1 MIGRATED to testing (Debian testing watch)
  • [2026-03-15] Accepted libzypp 17.38.4-1 (source) into unstable (Luca Boccassi)
  • [2026-03-14] libzypp 17.38.3-1 MIGRATED to testing (Debian testing watch)
  • [2026-03-08] Accepted libzypp 17.38.3-1 (source) into unstable (Luca Boccassi)
  • [2026-02-04] Accepted libzypp 17.38.2-1 (source) into unstable (Luca Boccassi)
  • [2026-01-23] Accepted libzypp 17.38.1-1 (source) into unstable (Luca Boccassi)
  • [2025-12-14] libzypp 17.37.18-1 MIGRATED to testing (Debian testing watch)
  • [2025-12-09] libzypp REMOVED from testing (Debian testing watch)
  • [2025-12-08] Accepted libzypp 17.37.18-1 (source) into unstable (Luca Boccassi)
  • [2025-08-24] libzypp 17.37.17-1 MIGRATED to testing (Debian testing watch)
  • [2025-08-18] Accepted libzypp 17.37.17-1 (source) into unstable (Luca Boccassi)
  • [2025-08-16] libzypp 17.37.16-1 MIGRATED to testing (Debian testing watch)
  • 1
  • 2
bugs [bug history graph]
  • all: 0
links
  • homepage
  • lintian (0, 26)
  • buildd: logs, reproducibility, cross
  • popcon
  • browse source code
  • other distros
  • security tracker
  • l10n (-, 70)
ubuntu Ubuntu logo [Information about Ubuntu for Debian Developers]
  • version: 17.38.13-1

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.
Documentation — Bugs — Git Repository — Contributing