netcdf - Debian Package Tracker

general

source: netcdf (main)
version: 1:4.9.0-3
maintainer: Debian GIS Project (archive) (DMD)
uploaders: Francesco Paolo Lovergine [DMD] – Nico Schlömer [DMD] – Bas Couwenberg [DMD]
arch: all any
std-ver: 4.6.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1:4.4.1.1-2
oldstable: 1:4.6.2-1
stable: 1:4.7.4-1
testing: 1:4.9.0-3
unstable: 1:4.9.0-3
exp: 1:4.9.1~rc2-1~exp1

versioned links

1:4.4.1.1-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:4.6.2-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:4.7.4-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:4.9.0-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:4.9.1~rc2-1~exp1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libnetcdf-dev
libnetcdf19
netcdf-bin
netcdf-doc

action needed

A new upstream version is available: 4.9.1~rc2 high

A new upstream version 4.9.1~rc2 is available, you should consider packaging it.

Created: 2022-10-22 Last update: 2022-12-02 19:09

Does not build reproducibly during testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2022-10-16 Last update: 2022-12-02 19:12

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 1:4.9.1~rc2-1~exp2, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit 80334be41859152c56c48c009c1d164e9d0b29b3
Author: Bas Couwenberg <sebastic@xs4all.nl>
Date:   Mon Nov 28 14:09:33 2022 +0100

    Add Rules-Requires-Root to control file.

Created: 2022-11-29 Last update: 2022-11-29 14:41

lintian reports 2 warnings normal

Lintian reports 2 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2022-07-30 Last update: 2022-07-30 16:32

Build log checks report 2 warnings low

Build log checks report 2 warnings

Created: 2018-01-26 Last update: 2020-04-22 12:04

No known security issue in bullseye wishlist

There are 17 open security issues in bullseye.

17 ignored issues:

CVE-2019-20005: An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling, leading to a heap-based buffer over-read while running strchr() starting with a pointer after a '\0' character (where the processing of a string was finished).
CVE-2019-20006: An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_char_content puts a pointer to the internal address of a larger block as xml->txt. This is later deallocated (using free), leading to a segmentation fault.
CVE-2019-20007: An issue was discovered in ezXML 0.8.2 through 0.8.6. The function ezxml_str2utf8, while parsing a crafted XML file, performs zero-length reallocation in ezxml.c, leading to returning a NULL pointer (in some compilers). After this, the function ezxml_parse_str does not check whether the s variable is not NULL in ezxml.c, leading to a NULL pointer dereference and crash (segmentation fault).
CVE-2019-20198: An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_ent_ok() mishandles recursion, leading to stack consumption for a crafted XML file.
CVE-2019-20199: An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling, leading to NULL pointer dereference while running strlen() on a NULL pointer.
CVE-2019-20200: An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing crafted a XML file, performs incorrect memory handling, leading to a heap-based buffer over-read in the "normalize line endings" feature.
CVE-2019-20201: An issue was discovered in ezXML 0.8.3 through 0.8.6. The ezxml_parse_* functions mishandle XML entities, leading to an infinite loop in which memory allocations occur.
CVE-2019-20202: An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_char_content() tries to use realloc on a block that was not allocated, leading to an invalid free and segmentation fault.
CVE-2021-26220: The ezxml_toxml function in ezxml 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.
CVE-2021-26221: The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.
CVE-2021-26222: The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.
CVE-2021-30485: An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd(), while parsing a crafted XML file, performs incorrect memory handling, leading to a NULL pointer dereference while running strcmp() on a NULL pointer.
CVE-2021-31229: An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd() performs incorrect memory handling while parsing crafted XML files, which leads to an out-of-bounds write of a one byte constant.
CVE-2021-31347: An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while parsing crafted XML files (writing outside a memory region created by mmap).
CVE-2021-31348: An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while parsing crafted XML files (out-of-bounds read after a certain strcspn failure).
CVE-2021-31598: An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_decode() performs incorrect memory handling while parsing crafted XML files, leading to a heap-based buffer overflow.
CVE-2022-30045: An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_decode() performs incorrect memory handling while parsing crafted XML files, leading to a heap out-of-bounds read.

Created: 2022-07-04 Last update: 2022-08-04 10:06

testing migrations

This package will soon be part of the auto-hdf5 transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.

news

[rss feed]

[2022-11-22] Accepted netcdf 1:4.9.1~rc2-1~exp1 (source) into experimental (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2022-10-22] Accepted netcdf 1:4.9.1~rc1-1~exp1 (source) into experimental (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2022-08-04] netcdf 1:4.9.0-3 MIGRATED to testing (Debian testing watch)
[2022-07-30] Accepted netcdf 1:4.9.0-3 (source) into unstable (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2022-06-17] netcdf 1:4.9.0-2 MIGRATED to testing (Debian testing watch)
[2022-06-12] Accepted netcdf 1:4.9.0-2 (source) into unstable (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2022-06-11] Accepted netcdf 1:4.9.0-1 (source) into unstable (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2021-10-04] netcdf 1:4.8.1-1 MIGRATED to testing (Debian testing watch)
[2021-09-29] Accepted netcdf 1:4.8.1-1 (source) into unstable (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2021-08-21] Accepted netcdf 1:4.8.1-1~exp1 (source) into experimental (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2021-03-31] Accepted netcdf 1:4.8.0-1~exp1 (source amd64 all) into experimental, experimental (Debian FTP Masters) (signed by: Sebastiaan Couwenberg)
[2020-04-27] netcdf 1:4.7.4-1 MIGRATED to testing (Debian testing watch)
[2020-04-21] Accepted netcdf 1:4.7.4-1 (source) into unstable (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2020-04-03] Accepted netcdf 1:4.7.4-1~exp2 (source) into experimental (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2020-04-02] Accepted netcdf 1:4.7.4-1~exp1 (source amd64 all) into experimental, experimental (Debian FTP Masters) (signed by: Sebastiaan Couwenberg)
[2020-01-28] netcdf 1:4.7.3-1 MIGRATED to testing (Debian testing watch)
[2020-01-23] Accepted netcdf 1:4.7.3-1 (source) into unstable (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2020-01-03] Accepted netcdf 1:4.7.3-1~exp2 (source) into experimental (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2020-01-02] Accepted netcdf 1:4.7.3-1~exp1 (source amd64 all) into experimental, experimental (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2020-01-02] Accepted netcdf 1:4.7.2-1~exp1 (source amd64 all) into experimental, experimental (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2020-01-02] Accepted netcdf 1:4.7.1-1~exp1 (source amd64 all) into experimental, experimental (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2020-01-02] Accepted netcdf 1:4.7.0-1~exp1 (source amd64 all) into experimental, experimental (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2020-01-02] Accepted netcdf 1:4.6.3-1~exp1 (source amd64 all) into experimental, experimental (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2019-02-16] Accepted netcdf 1:4.6.2.1-1~exp2 (source amd64 all) into experimental (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2019-02-16] Accepted netcdf 1:4.6.2.1-1~exp1 (source amd64 all) into experimental (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2018-12-19] netcdf 1:4.6.2-1 MIGRATED to testing (Debian testing watch)
[2018-11-20] Accepted netcdf 1:4.6.2-1 (source amd64 all) into unstable (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2018-11-02] Accepted netcdf 1:4.6.2~rc2-1~exp1 (source amd64 all) into experimental (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2018-09-24] Accepted netcdf 1:4.6.2~rc1-1~exp1 (source amd64 all) into experimental, experimental (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2018-08-06] netcdf 1:4.6.1-3 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 0

links

homepage
lintian (0, 2)
buildd: logs, exp, checks, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1:4.9.0-3
6 bugs