netcdf - Debian Package Tracker

general

source: netcdf (main)
version: 1:4.8.1-1
maintainer: Debian GIS Project (archive) (DMD)
uploaders: Francesco Paolo Lovergine [DMD] – Nico Schlömer [DMD] – Bas Couwenberg [DMD]
arch: all any
std-ver: 4.6.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1:4.4.1.1-2
oldstable: 1:4.6.2-1
stable: 1:4.7.4-1
testing: 1:4.8.1-1
unstable: 1:4.8.1-1

versioned links

1:4.4.1.1-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:4.6.2-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:4.7.4-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:4.8.1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libnetcdf-dev
libnetcdf19
netcdf-bin
netcdf-doc

action needed

16 security issues in sid high

There are 16 open security issues in sid.

16 important issues:

CVE-2019-20005: An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling, leading to a heap-based buffer over-read while running strchr() starting with a pointer after a '\0' character (where the processing of a string was finished).
CVE-2019-20006: An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_char_content puts a pointer to the internal address of a larger block as xml->txt. This is later deallocated (using free), leading to a segmentation fault.
CVE-2019-20007: An issue was discovered in ezXML 0.8.2 through 0.8.6. The function ezxml_str2utf8, while parsing a crafted XML file, performs zero-length reallocation in ezxml.c, leading to returning a NULL pointer (in some compilers). After this, the function ezxml_parse_str does not check whether the s variable is not NULL in ezxml.c, leading to a NULL pointer dereference and crash (segmentation fault).
CVE-2019-20198: An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_ent_ok() mishandles recursion, leading to stack consumption for a crafted XML file.
CVE-2019-20199: An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling, leading to NULL pointer dereference while running strlen() on a NULL pointer.
CVE-2019-20200: An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing crafted a XML file, performs incorrect memory handling, leading to a heap-based buffer over-read in the "normalize line endings" feature.
CVE-2019-20201: An issue was discovered in ezXML 0.8.3 through 0.8.6. The ezxml_parse_* functions mishandle XML entities, leading to an infinite loop in which memory allocations occur.
CVE-2019-20202: An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_char_content() tries to use realloc on a block that was not allocated, leading to an invalid free and segmentation fault.
CVE-2021-26220: The ezxml_toxml function in ezxml 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.
CVE-2021-26221: The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.
CVE-2021-26222: The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.
CVE-2021-30485: An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd(), while parsing a crafted XML file, performs incorrect memory handling, leading to a NULL pointer dereference while running strcmp() on a NULL pointer.
CVE-2021-31229: An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd() performs incorrect memory handling while parsing crafted XML files, which leads to an out-of-bounds write of a one byte constant.
CVE-2021-31347: An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while parsing crafted XML files (writing outside a memory region created by mmap).
CVE-2021-31348: An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while parsing crafted XML files (out-of-bounds read after a certain strcspn failure).
CVE-2021-31598: An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_decode() performs incorrect memory handling while parsing crafted XML files, leading to a heap-based buffer overflow.

Created: 2021-06-14 Last update: 2021-12-05 06:30

16 security issues in bookworm high

There are 16 open security issues in bookworm.

16 important issues:

CVE-2019-20005: An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling, leading to a heap-based buffer over-read while running strchr() starting with a pointer after a '\0' character (where the processing of a string was finished).
CVE-2019-20006: An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_char_content puts a pointer to the internal address of a larger block as xml->txt. This is later deallocated (using free), leading to a segmentation fault.
CVE-2019-20007: An issue was discovered in ezXML 0.8.2 through 0.8.6. The function ezxml_str2utf8, while parsing a crafted XML file, performs zero-length reallocation in ezxml.c, leading to returning a NULL pointer (in some compilers). After this, the function ezxml_parse_str does not check whether the s variable is not NULL in ezxml.c, leading to a NULL pointer dereference and crash (segmentation fault).
CVE-2019-20198: An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_ent_ok() mishandles recursion, leading to stack consumption for a crafted XML file.
CVE-2019-20199: An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling, leading to NULL pointer dereference while running strlen() on a NULL pointer.
CVE-2019-20200: An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing crafted a XML file, performs incorrect memory handling, leading to a heap-based buffer over-read in the "normalize line endings" feature.
CVE-2019-20201: An issue was discovered in ezXML 0.8.3 through 0.8.6. The ezxml_parse_* functions mishandle XML entities, leading to an infinite loop in which memory allocations occur.
CVE-2019-20202: An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_char_content() tries to use realloc on a block that was not allocated, leading to an invalid free and segmentation fault.
CVE-2021-26220: The ezxml_toxml function in ezxml 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.
CVE-2021-26221: The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.
CVE-2021-26222: The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.
CVE-2021-30485: An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd(), while parsing a crafted XML file, performs incorrect memory handling, leading to a NULL pointer dereference while running strcmp() on a NULL pointer.
CVE-2021-31229: An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd() performs incorrect memory handling while parsing crafted XML files, which leads to an out-of-bounds write of a one byte constant.
CVE-2021-31347: An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while parsing crafted XML files (writing outside a memory region created by mmap).
CVE-2021-31348: An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while parsing crafted XML files (out-of-bounds read after a certain strcspn failure).
CVE-2021-31598: An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_decode() performs incorrect memory handling while parsing crafted XML files, leading to a heap-based buffer overflow.

Created: 2021-08-15 Last update: 2021-12-05 06:30

1 new commit since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit 7ac1b3c2a571e222281f477960d876777acbee90
Author: Bas Couwenberg <sebastic@xs4all.nl>
Date:   Sat Oct 23 19:13:45 2021 +0200

    Update watch file to use tags instead of releases.

Created: 2021-10-23 Last update: 2022-01-22 03:00

16 low-priority security issues in buster low

There are 16 open security issues in buster.

16 issues left for the package maintainer to handle:

CVE-2019-20005: (needs triaging) An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling, leading to a heap-based buffer over-read while running strchr() starting with a pointer after a '\0' character (where the processing of a string was finished).
CVE-2019-20006: (needs triaging) An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_char_content puts a pointer to the internal address of a larger block as xml->txt. This is later deallocated (using free), leading to a segmentation fault.
CVE-2019-20007: (needs triaging) An issue was discovered in ezXML 0.8.2 through 0.8.6. The function ezxml_str2utf8, while parsing a crafted XML file, performs zero-length reallocation in ezxml.c, leading to returning a NULL pointer (in some compilers). After this, the function ezxml_parse_str does not check whether the s variable is not NULL in ezxml.c, leading to a NULL pointer dereference and crash (segmentation fault).
CVE-2019-20198: (needs triaging) An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_ent_ok() mishandles recursion, leading to stack consumption for a crafted XML file.
CVE-2019-20199: (needs triaging) An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling, leading to NULL pointer dereference while running strlen() on a NULL pointer.
CVE-2019-20200: (needs triaging) An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing crafted a XML file, performs incorrect memory handling, leading to a heap-based buffer over-read in the "normalize line endings" feature.
CVE-2019-20201: (needs triaging) An issue was discovered in ezXML 0.8.3 through 0.8.6. The ezxml_parse_* functions mishandle XML entities, leading to an infinite loop in which memory allocations occur.
CVE-2019-20202: (needs triaging) An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_char_content() tries to use realloc on a block that was not allocated, leading to an invalid free and segmentation fault.
CVE-2021-26220: (needs triaging) The ezxml_toxml function in ezxml 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.
CVE-2021-26221: (needs triaging) The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.
CVE-2021-26222: (needs triaging) The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.
CVE-2021-30485: (needs triaging) An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd(), while parsing a crafted XML file, performs incorrect memory handling, leading to a NULL pointer dereference while running strcmp() on a NULL pointer.
CVE-2021-31229: (needs triaging) An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd() performs incorrect memory handling while parsing crafted XML files, which leads to an out-of-bounds write of a one byte constant.
CVE-2021-31347: (needs triaging) An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while parsing crafted XML files (writing outside a memory region created by mmap).
CVE-2021-31348: (needs triaging) An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while parsing crafted XML files (out-of-bounds read after a certain strcspn failure).
CVE-2021-31598: (needs triaging) An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_decode() performs incorrect memory handling while parsing crafted XML files, leading to a heap-based buffer overflow.

You can find information about how to handle these issues in the security team's documentation.

Created: 2021-06-14 Last update: 2021-12-05 06:30

16 low-priority security issues in bullseye low

There are 16 open security issues in bullseye.

16 issues left for the package maintainer to handle:

CVE-2019-20005: (needs triaging) An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling, leading to a heap-based buffer over-read while running strchr() starting with a pointer after a '\0' character (where the processing of a string was finished).
CVE-2019-20006: (needs triaging) An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_char_content puts a pointer to the internal address of a larger block as xml->txt. This is later deallocated (using free), leading to a segmentation fault.
CVE-2019-20007: (needs triaging) An issue was discovered in ezXML 0.8.2 through 0.8.6. The function ezxml_str2utf8, while parsing a crafted XML file, performs zero-length reallocation in ezxml.c, leading to returning a NULL pointer (in some compilers). After this, the function ezxml_parse_str does not check whether the s variable is not NULL in ezxml.c, leading to a NULL pointer dereference and crash (segmentation fault).
CVE-2019-20198: (needs triaging) An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_ent_ok() mishandles recursion, leading to stack consumption for a crafted XML file.
CVE-2019-20199: (needs triaging) An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling, leading to NULL pointer dereference while running strlen() on a NULL pointer.
CVE-2019-20200: (needs triaging) An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing crafted a XML file, performs incorrect memory handling, leading to a heap-based buffer over-read in the "normalize line endings" feature.
CVE-2019-20201: (needs triaging) An issue was discovered in ezXML 0.8.3 through 0.8.6. The ezxml_parse_* functions mishandle XML entities, leading to an infinite loop in which memory allocations occur.
CVE-2019-20202: (needs triaging) An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_char_content() tries to use realloc on a block that was not allocated, leading to an invalid free and segmentation fault.
CVE-2021-26220: (needs triaging) The ezxml_toxml function in ezxml 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.
CVE-2021-26221: (needs triaging) The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.
CVE-2021-26222: (needs triaging) The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.
CVE-2021-30485: (needs triaging) An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd(), while parsing a crafted XML file, performs incorrect memory handling, leading to a NULL pointer dereference while running strcmp() on a NULL pointer.
CVE-2021-31229: (needs triaging) An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd() performs incorrect memory handling while parsing crafted XML files, which leads to an out-of-bounds write of a one byte constant.
CVE-2021-31347: (needs triaging) An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while parsing crafted XML files (writing outside a memory region created by mmap).
CVE-2021-31348: (needs triaging) An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while parsing crafted XML files (out-of-bounds read after a certain strcspn failure).
CVE-2021-31598: (needs triaging) An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_decode() performs incorrect memory handling while parsing crafted XML files, leading to a heap-based buffer overflow.

You can find information about how to handle these issues in the security team's documentation.

Created: 2021-08-14 Last update: 2021-12-05 06:30

Build log checks report 2 warnings low

Build log checks report 2 warnings

Created: 2018-01-26 Last update: 2020-04-22 12:04

testing migrations

This package will soon be part of the auto-hdf5 transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.

news

[rss feed]

[2021-10-04] netcdf 1:4.8.1-1 MIGRATED to testing (Debian testing watch)
[2021-09-29] Accepted netcdf 1:4.8.1-1 (source) into unstable (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2021-08-21] Accepted netcdf 1:4.8.1-1~exp1 (source) into experimental (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2021-03-31] Accepted netcdf 1:4.8.0-1~exp1 (source amd64 all) into experimental, experimental (Debian FTP Masters) (signed by: Sebastiaan Couwenberg)
[2020-04-27] netcdf 1:4.7.4-1 MIGRATED to testing (Debian testing watch)
[2020-04-21] Accepted netcdf 1:4.7.4-1 (source) into unstable (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2020-04-03] Accepted netcdf 1:4.7.4-1~exp2 (source) into experimental (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2020-04-02] Accepted netcdf 1:4.7.4-1~exp1 (source amd64 all) into experimental, experimental (Debian FTP Masters) (signed by: Sebastiaan Couwenberg)
[2020-01-28] netcdf 1:4.7.3-1 MIGRATED to testing (Debian testing watch)
[2020-01-23] Accepted netcdf 1:4.7.3-1 (source) into unstable (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2020-01-03] Accepted netcdf 1:4.7.3-1~exp2 (source) into experimental (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2020-01-02] Accepted netcdf 1:4.7.3-1~exp1 (source amd64 all) into experimental, experimental (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2020-01-02] Accepted netcdf 1:4.7.2-1~exp1 (source amd64 all) into experimental, experimental (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2020-01-02] Accepted netcdf 1:4.7.1-1~exp1 (source amd64 all) into experimental, experimental (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2020-01-02] Accepted netcdf 1:4.7.0-1~exp1 (source amd64 all) into experimental, experimental (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2020-01-02] Accepted netcdf 1:4.6.3-1~exp1 (source amd64 all) into experimental, experimental (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2019-02-16] Accepted netcdf 1:4.6.2.1-1~exp2 (source amd64 all) into experimental (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2019-02-16] Accepted netcdf 1:4.6.2.1-1~exp1 (source amd64 all) into experimental (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2018-12-19] netcdf 1:4.6.2-1 MIGRATED to testing (Debian testing watch)
[2018-11-20] Accepted netcdf 1:4.6.2-1 (source amd64 all) into unstable (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2018-11-02] Accepted netcdf 1:4.6.2~rc2-1~exp1 (source amd64 all) into experimental (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2018-09-24] Accepted netcdf 1:4.6.2~rc1-1~exp1 (source amd64 all) into experimental, experimental (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2018-08-06] netcdf 1:4.6.1-3 MIGRATED to testing (Debian testing watch)
[2018-08-01] Accepted netcdf 1:4.6.1-3 (source amd64 all) into unstable (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2018-07-21] netcdf 1:4.6.1-2 MIGRATED to testing (Debian testing watch)
[2018-07-19] Accepted netcdf 1:4.6.1-2 (source amd64 all) into unstable (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2018-03-25] netcdf 1:4.6.1-1 MIGRATED to testing (Debian testing watch)
[2018-03-20] Accepted netcdf 1:4.6.1-1 (source amd64 all) into unstable (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2018-01-31] netcdf 1:4.6.0-2 MIGRATED to testing (Debian testing watch)
[2018-01-25] Accepted netcdf 1:4.6.0-2 (source amd64 all) into unstable (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)

bugs [bug history graph]

all: 1
RC: 0
I&N: 1
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian
buildd: logs, checks, clang, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1:4.8.1-1
6 bugs