Register | Log in

netcdf

Choose email to subscribe with

general

source: netcdf (main)
version: 1:4.9.0-3
maintainer: Debian GIS Project (archive) (DMD)
uploaders: Francesco Paolo Lovergine [DMD] – Nico Schlömer [DMD] – Bas Couwenberg [DMD]
arch: all any
std-ver: 4.6.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 1:4.6.2-1
stable: 1:4.7.4-1
testing: 1:4.9.0-3
unstable: 1:4.9.0-3
exp: 1:4.9.2-1~exp1

versioned links

1:4.6.2-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:4.7.4-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:4.9.0-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:4.9.2-1~exp1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libnetcdf-dev
libnetcdf19
netcdf-bin
netcdf-doc

action needed

A new upstream version is available: 4.9.2 high

A new upstream version 4.9.2 is available, you should consider packaging it.

Created: 2022-10-22 Last update: 2023-05-17 13:03

Build log checks report 2 warnings low

Build log checks report 2 warnings

Created: 2018-01-26 Last update: 2020-04-22 12:04

No known security issue in bullseye wishlist

There are 17 open security issues in bullseye.

17 ignored issues:

CVE-2019-20005: An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling, leading to a heap-based buffer over-read while running strchr() starting with a pointer after a '\0' character (where the processing of a string was finished).
CVE-2019-20006: An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_char_content puts a pointer to the internal address of a larger block as xml->txt. This is later deallocated (using free), leading to a segmentation fault.
CVE-2019-20007: An issue was discovered in ezXML 0.8.2 through 0.8.6. The function ezxml_str2utf8, while parsing a crafted XML file, performs zero-length reallocation in ezxml.c, leading to returning a NULL pointer (in some compilers). After this, the function ezxml_parse_str does not check whether the s variable is not NULL in ezxml.c, leading to a NULL pointer dereference and crash (segmentation fault).
CVE-2019-20198: An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_ent_ok() mishandles recursion, leading to stack consumption for a crafted XML file.
CVE-2019-20199: An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling, leading to NULL pointer dereference while running strlen() on a NULL pointer.
CVE-2019-20200: An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing crafted a XML file, performs incorrect memory handling, leading to a heap-based buffer over-read in the "normalize line endings" feature.
CVE-2019-20201: An issue was discovered in ezXML 0.8.3 through 0.8.6. The ezxml_parse_* functions mishandle XML entities, leading to an infinite loop in which memory allocations occur.
CVE-2019-20202: An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_char_content() tries to use realloc on a block that was not allocated, leading to an invalid free and segmentation fault.
CVE-2021-26220: The ezxml_toxml function in ezxml 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.
CVE-2021-26221: The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.
CVE-2021-26222: The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.
CVE-2021-30485: An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd(), while parsing a crafted XML file, performs incorrect memory handling, leading to a NULL pointer dereference while running strcmp() on a NULL pointer.
CVE-2021-31229: An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd() performs incorrect memory handling while parsing crafted XML files, which leads to an out-of-bounds write of a one byte constant.
CVE-2021-31347: An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while parsing crafted XML files (writing outside a memory region created by mmap).
CVE-2021-31348: An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while parsing crafted XML files (out-of-bounds read after a certain strcspn failure).
CVE-2021-31598: An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_decode() performs incorrect memory handling while parsing crafted XML files, leading to a heap-based buffer overflow.
CVE-2022-30045: An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_decode() performs incorrect memory handling while parsing crafted XML files, leading to a heap out-of-bounds read.

Created: 2022-07-04 Last update: 2023-03-27 11:06

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.2 instead of 4.6.1).

Created: 2022-12-17 Last update: 2022-12-17 19:17

testing migrations

This package will soon be part of the auto-hdf5 transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.

news

[2023-03-15] Accepted netcdf 1:4.9.2-1~exp1 (source) into experimental (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2023-02-06] Accepted netcdf 1:4.9.1-1~exp1 (source) into experimental (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2022-11-22] Accepted netcdf 1:4.9.1~rc2-1~exp1 (source) into experimental (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2022-10-22] Accepted netcdf 1:4.9.1~rc1-1~exp1 (source) into experimental (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2022-08-04] netcdf 1:4.9.0-3 MIGRATED to testing (Debian testing watch)
[2022-07-30] Accepted netcdf 1:4.9.0-3 (source) into unstable (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2022-06-17] netcdf 1:4.9.0-2 MIGRATED to testing (Debian testing watch)
[2022-06-12] Accepted netcdf 1:4.9.0-2 (source) into unstable (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2022-06-11] Accepted netcdf 1:4.9.0-1 (source) into unstable (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2021-10-04] netcdf 1:4.8.1-1 MIGRATED to testing (Debian testing watch)
[2021-09-29] Accepted netcdf 1:4.8.1-1 (source) into unstable (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2021-08-21] Accepted netcdf 1:4.8.1-1~exp1 (source) into experimental (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2021-03-31] Accepted netcdf 1:4.8.0-1~exp1 (source amd64 all) into experimental, experimental (Debian FTP Masters) (signed by: Sebastiaan Couwenberg)
[2020-04-27] netcdf 1:4.7.4-1 MIGRATED to testing (Debian testing watch)
[2020-04-21] Accepted netcdf 1:4.7.4-1 (source) into unstable (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2020-04-03] Accepted netcdf 1:4.7.4-1~exp2 (source) into experimental (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2020-04-02] Accepted netcdf 1:4.7.4-1~exp1 (source amd64 all) into experimental, experimental (Debian FTP Masters) (signed by: Sebastiaan Couwenberg)
[2020-01-28] netcdf 1:4.7.3-1 MIGRATED to testing (Debian testing watch)
[2020-01-23] Accepted netcdf 1:4.7.3-1 (source) into unstable (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2020-01-03] Accepted netcdf 1:4.7.3-1~exp2 (source) into experimental (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2020-01-02] Accepted netcdf 1:4.7.3-1~exp1 (source amd64 all) into experimental, experimental (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2020-01-02] Accepted netcdf 1:4.7.2-1~exp1 (source amd64 all) into experimental, experimental (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2020-01-02] Accepted netcdf 1:4.7.1-1~exp1 (source amd64 all) into experimental, experimental (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2020-01-02] Accepted netcdf 1:4.7.0-1~exp1 (source amd64 all) into experimental, experimental (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2020-01-02] Accepted netcdf 1:4.6.3-1~exp1 (source amd64 all) into experimental, experimental (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2019-02-16] Accepted netcdf 1:4.6.2.1-1~exp2 (source amd64 all) into experimental (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2019-02-16] Accepted netcdf 1:4.6.2.1-1~exp1 (source amd64 all) into experimental (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2018-12-19] netcdf 1:4.6.2-1 MIGRATED to testing (Debian testing watch)
[2018-11-20] Accepted netcdf 1:4.6.2-1 (source amd64 all) into unstable (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2018-11-02] Accepted netcdf 1:4.6.2~rc2-1~exp1 (source amd64 all) into experimental (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)

1
2

bugs [bug history graph]

all: 0

links

homepage
lintian
buildd: logs, exp, checks, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1:4.9.0-3
6 bugs

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing