Debian Package Tracker
Register | Log in
Subscribe

lmdb

Choose email to subscribe with

general
  • source: lmdb (main)
  • version: 0.9.31-1
  • maintainer: LMDB (DMD)
  • uploaders: Ondřej Surý [DMD] – Jakub Ružička [DMD]
  • arch: all any
  • std-ver: 4.6.2.0
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 0.9.24-1
  • oldstable: 0.9.24-1
  • stable: 0.9.31-1
  • testing: 0.9.31-1
  • unstable: 0.9.31-1
versioned links
  • 0.9.24-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 0.9.31-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • liblmdb-dev
  • liblmdb0 (1 bugs: 0, 1, 0, 0)
  • lmdb-doc
  • lmdb-utils (1 bugs: 0, 1, 0, 0)
action needed
Problems while searching for a new upstream version high
uscan had problems while searching for a new upstream version:
In debian/watch no matching files for watch source
  https://git.openldap.org/openldap/openldap/-/tags?sort=updated_desc&search=lmdb
Created: 2024-05-06 Last update: 2026-07-07 20:30
6 security issues in sid high

There are 6 open security issues in sid.

6 important issues:
  • CVE-2019-16224: An issue was discovered in py-lmdb 0.97. For certain values of md_flags, mdb_node_add does not properly set up a memcpy destination, leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.
  • CVE-2019-16225: An issue was discovered in py-lmdb 0.97. For certain values of mp_flags, mdb_page_touch does not properly set up mc->mc_pg[mc->top], leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.
  • CVE-2019-16226: An issue was discovered in py-lmdb 0.97. mdb_node_del does not validate a memmove in the case of an unexpected node->mn_hi, leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.
  • CVE-2019-16227: An issue was discovered in py-lmdb 0.97. For certain values of mn_flags, mdb_cursor_set triggers a memcpy with an invalid write operation within mdb_xcursor_init1. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.
  • CVE-2019-16228: An issue was discovered in py-lmdb 0.97. There is a divide-by-zero error in the function mdb_env_open2 if mdb_env_read_header obtains a zero value for a certain size field. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.
  • CVE-2026-22185: OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.
Created: 2026-01-09 Last update: 2026-07-03 00:30
6 security issues in forky high

There are 6 open security issues in forky.

6 important issues:
  • CVE-2019-16224: An issue was discovered in py-lmdb 0.97. For certain values of md_flags, mdb_node_add does not properly set up a memcpy destination, leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.
  • CVE-2019-16225: An issue was discovered in py-lmdb 0.97. For certain values of mp_flags, mdb_page_touch does not properly set up mc->mc_pg[mc->top], leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.
  • CVE-2019-16226: An issue was discovered in py-lmdb 0.97. mdb_node_del does not validate a memmove in the case of an unexpected node->mn_hi, leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.
  • CVE-2019-16227: An issue was discovered in py-lmdb 0.97. For certain values of mn_flags, mdb_cursor_set triggers a memcpy with an invalid write operation within mdb_xcursor_init1. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.
  • CVE-2019-16228: An issue was discovered in py-lmdb 0.97. There is a divide-by-zero error in the function mdb_env_open2 if mdb_env_read_header obtains a zero value for a certain size field. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.
  • CVE-2026-22185: OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.
Created: 2026-01-09 Last update: 2026-07-03 00:30
6 security issues in bookworm high

There are 6 open security issues in bookworm.

5 important issues:
  • CVE-2019-16224: An issue was discovered in py-lmdb 0.97. For certain values of md_flags, mdb_node_add does not properly set up a memcpy destination, leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.
  • CVE-2019-16225: An issue was discovered in py-lmdb 0.97. For certain values of mp_flags, mdb_page_touch does not properly set up mc->mc_pg[mc->top], leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.
  • CVE-2019-16226: An issue was discovered in py-lmdb 0.97. mdb_node_del does not validate a memmove in the case of an unexpected node->mn_hi, leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.
  • CVE-2019-16227: An issue was discovered in py-lmdb 0.97. For certain values of mn_flags, mdb_cursor_set triggers a memcpy with an invalid write operation within mdb_xcursor_init1. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.
  • CVE-2019-16228: An issue was discovered in py-lmdb 0.97. There is a divide-by-zero error in the function mdb_env_open2 if mdb_env_read_header obtains a zero value for a certain size field. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.
1 issue left for the package maintainer to handle:
  • CVE-2026-22185: (needs triaging) OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.

You can find information about how to handle this issue in the security team's documentation.

Created: 2026-01-09 Last update: 2026-07-03 00:30
6 security issues in bullseye high

There are 6 open security issues in bullseye.

5 important issues:
  • CVE-2019-16224: An issue was discovered in py-lmdb 0.97. For certain values of md_flags, mdb_node_add does not properly set up a memcpy destination, leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.
  • CVE-2019-16225: An issue was discovered in py-lmdb 0.97. For certain values of mp_flags, mdb_page_touch does not properly set up mc->mc_pg[mc->top], leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.
  • CVE-2019-16226: An issue was discovered in py-lmdb 0.97. mdb_node_del does not validate a memmove in the case of an unexpected node->mn_hi, leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.
  • CVE-2019-16227: An issue was discovered in py-lmdb 0.97. For certain values of mn_flags, mdb_cursor_set triggers a memcpy with an invalid write operation within mdb_xcursor_init1. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.
  • CVE-2019-16228: An issue was discovered in py-lmdb 0.97. There is a divide-by-zero error in the function mdb_env_open2 if mdb_env_read_header obtains a zero value for a certain size field. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.
1 issue postponed or untriaged:
  • CVE-2026-22185: (postponed; to be fixed through a stable update) OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.
Created: 2026-07-03 Last update: 2026-07-03 00:30
version in VCS is newer than in repository, is it time to upload? normal
vcswatch reports that this package seems to have a new changelog entry (version 0.9.31-2, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:
commit 345eff90ddb764eb75fe727857bdd9e688ae92df
Author: Samuel Thibault <samuel.thibault@ens-lyon.org>
Date:   Sun Nov 12 19:38:06 2023 +0100

    d/rules: Also disable tests on hurd-amd64
Created: 2023-11-12 Last update: 2026-07-02 17:32
5 open merge requests in Salsa normal
There are 5 open merge requests for this package on Salsa. You should consider reviewing and/or merging these merge requests.
Created: 2025-08-19 Last update: 2026-06-24 00:51
lintian reports 117 warnings normal
Lintian reports 117 warnings about this package. You should make the package lintian clean getting rid of them.
Created: 2025-08-27 Last update: 2026-05-27 12:01
6 low-priority security issues in trixie low

There are 6 open security issues in trixie.

6 issues left for the package maintainer to handle:
  • CVE-2019-16224: (needs triaging) An issue was discovered in py-lmdb 0.97. For certain values of md_flags, mdb_node_add does not properly set up a memcpy destination, leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.
  • CVE-2019-16225: (needs triaging) An issue was discovered in py-lmdb 0.97. For certain values of mp_flags, mdb_page_touch does not properly set up mc->mc_pg[mc->top], leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.
  • CVE-2019-16226: (needs triaging) An issue was discovered in py-lmdb 0.97. mdb_node_del does not validate a memmove in the case of an unexpected node->mn_hi, leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.
  • CVE-2019-16227: (needs triaging) An issue was discovered in py-lmdb 0.97. For certain values of mn_flags, mdb_cursor_set triggers a memcpy with an invalid write operation within mdb_xcursor_init1. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.
  • CVE-2019-16228: (needs triaging) An issue was discovered in py-lmdb 0.97. There is a divide-by-zero error in the function mdb_env_open2 if mdb_env_read_header obtains a zero value for a certain size field. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.
  • CVE-2026-22185: (needs triaging) OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.

You can find information about how to handle these issues in the security team's documentation.

Created: 2026-01-09 Last update: 2026-07-03 00:30
debian/patches: 2 patches to forward upstream low

Among the 2 debian patches available in version 0.9.31-1 of the package, we noticed the following issues:

  • 2 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.
Created: 2023-02-26 Last update: 2023-08-17 09:41
Standards version of the package is outdated. wishlist
The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.4 instead of 4.6.2.0).
Created: 2024-04-07 Last update: 2026-03-31 15:01
news
[rss feed]
  • [2023-08-22] lmdb 0.9.31-1 MIGRATED to testing (Debian testing watch)
  • [2023-08-16] Accepted lmdb 0.9.31-1 (source) into unstable (Jakub Ružička)
  • [2020-04-01] lmdb 0.9.24-1 MIGRATED to testing (Debian testing watch)
  • [2020-03-25] Accepted lmdb 0.9.24-1 (source) into unstable (Ondřej Surý)
  • [2018-07-22] lmdb 0.9.22-1 MIGRATED to testing (Debian testing watch)
  • [2018-07-16] Accepted lmdb 0.9.22-1 (source) into unstable (Ondřej Surý)
  • [2017-06-20] lmdb 0.9.21-1 MIGRATED to testing (Debian testing watch)
  • [2017-06-08] Accepted lmdb 0.9.21-1 (source) into unstable (Ondřej Surý)
  • [2017-02-27] Accepted lmdb 0.9.19-1 (source) into unstable (Ondřej Surý)
  • [2016-11-19] lmdb 0.9.18-5 MIGRATED to testing (Debian testing watch)
  • [2016-11-14] Accepted lmdb 0.9.18-5 (source) into unstable (Ondřej Surý)
  • [2016-05-27] lmdb 0.9.18-4 MIGRATED to testing (Debian testing watch)
  • [2016-05-20] Accepted lmdb 0.9.18-4 (source) into unstable (Ondřej Surý)
  • [2016-05-20] Accepted lmdb 0.9.18-2 (source) into unstable (Ondřej Surý)
  • [2016-05-19] Accepted lmdb 0.9.18-1~bpo80+1 (source amd64 all) into jessie-backports, jessie-backports (Ondřej Surý)
  • [2016-04-07] lmdb 0.9.18-1 MIGRATED to testing (Debian testing watch)
  • [2016-04-01] Accepted lmdb 0.9.18-1 (source amd64 all) into unstable (Ondřej Surý)
  • [2016-01-03] lmdb 0.9.17-3 MIGRATED to testing (Debian testing watch)
  • [2015-12-28] lmdb 0.9.17-1 MIGRATED to testing (Debian testing watch)
  • [2015-12-28] Accepted lmdb 0.9.17-3 (source amd64 all) into unstable (Ondřej Surý)
  • [2015-12-22] Accepted lmdb 0.9.17-1 (source amd64 all) into unstable (Ondřej Surý)
  • [2015-09-27] lmdb 0.9.16-1 MIGRATED to testing (Britney)
  • [2015-09-21] Accepted lmdb 0.9.16-1 (source amd64 all) into unstable (Ondřej Surý)
  • [2015-07-07] lmdb 0.9.15-1 MIGRATED to testing (Britney)
  • [2015-07-01] Accepted lmdb 0.9.15-1 (source amd64 all) into unstable (Ondřej Surý)
  • [2014-10-24] lmdb 0.9.14-1 MIGRATED to testing (Britney)
  • [2014-10-13] Accepted lmdb 0.9.14-1 (source all) into unstable (Ondřej Surý)
  • [2014-02-22] lmdb 0.9.11-1 MIGRATED to testing (Debian testing watch)
  • [2014-02-11] Accepted lmdb 0.9.11-1 (source amd64 all) (Ondřej Surý)
  • [2013-12-30] lmdb 0.9.10-1 MIGRATED to testing (Debian testing watch)
  • 1
  • 2
bugs [bug history graph]
  • all: 8
  • RC: 0
  • I&N: 7
  • M&W: 1
  • F&P: 0
  • patch: 0
links
  • homepage
  • lintian (0, 117)
  • buildd: logs, reproducibility, cross
  • popcon
  • browse source code
  • other distros
  • security tracker
  • debian patches
ubuntu Ubuntu logo [Information about Ubuntu for Debian Developers]
  • version: 0.9.31-1build2

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.
Documentation — Bugs — Git Repository — Contributing