Debian Package Tracker
Register | Log in
Subscribe

liferea

feed/news/podcast client with plugin support

Choose email to subscribe with

general
  • source: liferea (main)
  • version: 1.14.1-1
  • maintainer: Paul Gevers (DMD) (LowNMU)
  • arch: all any
  • std-ver: 4.5.0
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 1.12~rc3-1
  • oldstable: 1.12.6-1+deb10u1
  • stable: 1.13.5-3
  • testing: 1.14.1-1
  • unstable: 1.14.1-1
versioned links
  • 1.12~rc3-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.12.6-1+deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.13.5-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.14.1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • liferea (43 bugs: 1, 25, 17, 0)
  • liferea-data
action needed
Problems while searching for a new upstream version high
uscan had problems while searching for a new upstream version:
In watchfile debian/watch, reading webpage
  https://api.github.com/repos/lwindolf/liferea/releases?per_page=100 failed: 403 rate limit exceeded
Created: 2023-03-17 Last update: 2023-03-20 19:31
1 security issue in buster high

There is 1 open security issue in buster.

1 important issue:
  • CVE-2023-1350: A vulnerability was found in liferea. It has been rated as critical. Affected by this issue is the function update_job_run of the file src/update.c of the component Feed Enrichment. The manipulation of the argument source with the input |date >/tmp/bad-item-link.txt leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 8d8b5b963fa64c7a2122d1bbfbb0bed46e813e59. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-222848.
Created: 2023-03-12 Last update: 2023-03-15 07:00
lintian reports 1 error and 2 warnings high
Lintian reports 1 error and 2 warnings about this package. You should make the package lintian clean getting rid of them.
Created: 2023-01-16 Last update: 2023-02-05 08:34
2 bugs tagged help in the BTS normal
The BTS contains 2 bugs tagged help, please consider helping the maintainer in dealing with them.
Created: 2019-03-21 Last update: 2023-03-20 22:02
1 bug tagged patch in the BTS normal
The BTS contains patches fixing 1 bug, consider including or untagging them.
Created: 2022-07-27 Last update: 2023-03-20 22:02
AppStream hints: 7 warnings normal
AppStream found metadata issues for packages:
  • liferea: 7 warnings
You should get rid of them to provide more metadata about this software.
Created: 2023-01-16 Last update: 2023-01-16 09:01
1 low-priority security issue in bullseye low

There is 1 open security issue in bullseye.

1 issue left for the package maintainer to handle:
  • CVE-2023-1350: (needs triaging) A vulnerability was found in liferea. It has been rated as critical. Affected by this issue is the function update_job_run of the file src/update.c of the component Feed Enrichment. The manipulation of the argument source with the input |date >/tmp/bad-item-link.txt leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 8d8b5b963fa64c7a2122d1bbfbb0bed46e813e59. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-222848.

You can find information about how to handle this issue in the security team's documentation.

Created: 2023-03-12 Last update: 2023-03-15 07:00
debian/patches: 1 patch to forward upstream low

Among the 2 debian patches available in version 1.14.1-1 of the package, we noticed the following issues:

  • 1 patch where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.
Created: 2023-02-26 Last update: 2023-03-13 07:41
Build log checks report 1 warning low
Build log checks report 1 warning
Created: 2022-10-20 Last update: 2022-10-20 18:00
Standards version of the package is outdated. wishlist
The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.2 instead of 4.5.0).
Created: 2020-11-17 Last update: 2023-03-13 07:43
news
[rss feed]
  • [2023-03-15] liferea 1.14.1-1 MIGRATED to testing (Debian testing watch)
  • [2023-03-12] Accepted liferea 1.14.1-1 (source) into unstable (Paul Gevers)
  • [2023-01-21] liferea 1.14.0-1 MIGRATED to testing (Debian testing watch)
  • [2023-01-15] Accepted liferea 1.14.0-1 (source) into unstable (Paul Gevers)
  • [2023-01-01] liferea 1.14~rc3-1 MIGRATED to testing (Debian testing watch)
  • [2022-12-26] Accepted liferea 1.14~rc3-1 (source) into unstable (Paul Gevers)
  • [2022-11-16] liferea 1.14~rc2-2 MIGRATED to testing (Debian testing watch)
  • [2022-11-10] Accepted liferea 1.14~rc2-2 (source) into unstable (Paul Gevers)
  • [2022-10-29] Accepted liferea 1.14~rc2-1 (source) into unstable (Paul Gevers)
  • [2022-10-26] liferea 1.14~rc1-1 MIGRATED to testing (Debian testing watch)
  • [2022-10-20] Accepted liferea 1.14~rc1-1 (source) into unstable (Paul Gevers)
  • [2022-08-02] liferea 1.13.9-1 MIGRATED to testing (Debian testing watch)
  • [2022-07-28] Accepted liferea 1.13.9-1 (source) into unstable (Paul Gevers)
  • [2022-04-12] liferea 1.13.8-1 MIGRATED to testing (Debian testing watch)
  • [2022-04-07] Accepted liferea 1.13.8-1 (source) into unstable (Paul Gevers)
  • [2021-12-23] liferea 1.13.7-2 MIGRATED to testing (Debian testing watch)
  • [2021-12-18] Accepted liferea 1.13.7-2 (source) into unstable (Paul Gevers)
  • [2021-12-08] Accepted liferea 1.13.7-1 (source) into unstable (Paul Gevers)
  • [2021-08-27] liferea 1.13.6-2 MIGRATED to testing (Debian testing watch)
  • [2021-08-27] liferea 1.13.6-2 MIGRATED to testing (Debian testing watch)
  • [2021-08-21] Accepted liferea 1.13.6-2 (source) into unstable (Paul Gevers)
  • [2021-07-17] liferea 1.13.5-3 MIGRATED to testing (Debian testing watch)
  • [2021-07-11] Accepted liferea 1.13.5-3 (source) into unstable (Paul Gevers)
  • [2021-06-11] Accepted liferea 1.12.6-1+deb10u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Paul Gevers)
  • [2021-06-10] Accepted liferea 1.13.6-1 (source) into experimental (Paul Gevers)
  • [2021-05-05] liferea 1.13.5-2 MIGRATED to testing (Debian testing watch)
  • [2021-04-27] Accepted liferea 1.13.5-2 (source) into unstable (Paul Gevers)
  • [2021-01-20] liferea 1.13.5-1 MIGRATED to testing (Debian testing watch)
  • [2021-01-14] Accepted liferea 1.13.5-1 (source) into unstable (Paul Gevers)
  • [2020-10-16] liferea 1.13.3-1 MIGRATED to testing (Debian testing watch)
  • 1
  • 2
bugs [bug history graph]
  • all: 42 43
  • RC: 1
  • I&N: 24 25
  • M&W: 17
  • F&P: 0
  • patch: 1
  • help: 2
links
  • homepage
  • lintian (1, 2)
  • buildd: logs, checks, reproducibility, cross
  • popcon
  • browse source code
  • edit tags
  • other distros
  • security tracker
  • screenshots
  • l10n (-, 69)
  • debian patches
ubuntu Ubuntu logo [Information about Ubuntu for Debian Developers]
  • version: 1.14.0-1
  • 66 bugs

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.
Documentation — Bugs — Git Repository — Contributing