netcdf-parallel - Debian Package Tracker

general

source: netcdf-parallel (main)
version: 1:4.9.0-1
maintainer: Alastair McKinstry (DMD)
arch: any
std-ver: 4.6.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 1:4.6.2-1
stable: 1:4.7.4-1
testing: 1:4.9.0-1
unstable: 1:4.9.0-1

versioned links

1:4.6.2-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:4.7.4-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:4.9.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libnetcdf-mpi-19
libnetcdf-mpi-dev (2 bugs: 0, 2, 0, 0)
libnetcdf-pnetcdf-19
libnetcdf-pnetcdf-dev

action needed

Problems while searching for a new upstream version high

uscan had problems while searching for a new upstream version:

In debian/watch no matching files for watch line
  https://github.com/Unidata/netcdf-c/releases (?:.*?/archive/(?:.*?/)?)?(?:rel|v|r|netcdf-c)?[\-\_]?(\d[\d\-\.\w]+)\.(?:tgz|tbz|txz|(?:tar\.(?:gz|bz2|xz)))

Created: 2022-09-22 Last update: 2022-11-28 07:33

Failed to analyze the VCS repository. Please troubleshoot and fix the issue. high

vcswatch reports that there is an error with this package's VCS, or the debian/changelog file inside it. Please check the error shown below and try to fix it. You might have to update the VCS URL in the debian/control file to point to the correct repository.

fatal: could not read Username for 'https://salsa.debian.org': No such device or address

Created: 2018-11-06 Last update: 2022-11-25 13:07

1 bug tagged patch in the BTS normal

The BTS contains patches fixing 1 bug, consider including or untagging them.

Created: 2022-07-27 Last update: 2022-11-28 11:32

lintian reports 5 warnings normal

Lintian reports 5 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2022-01-01 Last update: 2022-07-30 12:15

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2020-09-16 Last update: 2020-09-16 06:00

No known security issue in bullseye wishlist

There are 17 open security issues in bullseye.

17 ignored issues:

CVE-2019-20005: An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling, leading to a heap-based buffer over-read while running strchr() starting with a pointer after a '\0' character (where the processing of a string was finished).
CVE-2019-20006: An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_char_content puts a pointer to the internal address of a larger block as xml->txt. This is later deallocated (using free), leading to a segmentation fault.
CVE-2019-20007: An issue was discovered in ezXML 0.8.2 through 0.8.6. The function ezxml_str2utf8, while parsing a crafted XML file, performs zero-length reallocation in ezxml.c, leading to returning a NULL pointer (in some compilers). After this, the function ezxml_parse_str does not check whether the s variable is not NULL in ezxml.c, leading to a NULL pointer dereference and crash (segmentation fault).
CVE-2019-20198: An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_ent_ok() mishandles recursion, leading to stack consumption for a crafted XML file.
CVE-2019-20199: An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling, leading to NULL pointer dereference while running strlen() on a NULL pointer.
CVE-2019-20200: An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing crafted a XML file, performs incorrect memory handling, leading to a heap-based buffer over-read in the "normalize line endings" feature.
CVE-2019-20201: An issue was discovered in ezXML 0.8.3 through 0.8.6. The ezxml_parse_* functions mishandle XML entities, leading to an infinite loop in which memory allocations occur.
CVE-2019-20202: An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_char_content() tries to use realloc on a block that was not allocated, leading to an invalid free and segmentation fault.
CVE-2021-26220: The ezxml_toxml function in ezxml 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.
CVE-2021-26221: The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.
CVE-2021-26222: The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.
CVE-2021-30485: An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd(), while parsing a crafted XML file, performs incorrect memory handling, leading to a NULL pointer dereference while running strcmp() on a NULL pointer.
CVE-2021-31229: An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd() performs incorrect memory handling while parsing crafted XML files, which leads to an out-of-bounds write of a one byte constant.
CVE-2021-31347: An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while parsing crafted XML files (writing outside a memory region created by mmap).
CVE-2021-31348: An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while parsing crafted XML files (out-of-bounds read after a certain strcspn failure).
CVE-2021-31598: An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_decode() performs incorrect memory handling while parsing crafted XML files, leading to a heap-based buffer overflow.
CVE-2022-30045: An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_decode() performs incorrect memory handling while parsing crafted XML files, leading to a heap out-of-bounds read.

Created: 2022-07-04 Last update: 2022-08-01 13:40

testing migrations

This package will soon be part of the auto-hdf5 transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.

news

[rss feed]

[2022-06-20] netcdf-parallel 1:4.9.0-1 MIGRATED to testing (Debian testing watch)
[2022-06-14] Accepted netcdf-parallel 1:4.9.0-1 (source) into unstable (Alastair McKinstry)
[2021-11-03] netcdf-parallel 1:4.8.1-2 MIGRATED to testing (Debian testing watch)
[2021-10-29] Accepted netcdf-parallel 1:4.8.1-2 (source) into unstable (Alastair McKinstry)
[2021-10-26] Accepted netcdf-parallel 1:4.8.1-1 (source amd64) into experimental, experimental (Debian FTP Masters) (signed by: Alastair McKinstry)
[2020-09-25] netcdf-parallel 1:4.7.4-1 MIGRATED to testing (Debian testing watch)
[2020-09-11] Accepted netcdf-parallel 1:4.7.4-1 (source amd64) into unstable, unstable (Debian FTP Masters) (signed by: Alastair McKinstry)
[2020-09-07] netcdf-parallel 1:4.7.3-2 MIGRATED to testing (Debian testing watch)
[2020-08-24] netcdf-parallel REMOVED from testing (Debian testing watch)
[2020-03-16] netcdf-parallel 1:4.7.3-2 MIGRATED to testing (Debian testing watch)
[2020-03-11] Accepted netcdf-parallel 1:4.7.3-2 (source) into unstable (Alastair McKinstry)
[2020-02-18] Accepted netcdf-parallel 1:4.7.3-1 (source amd64) into experimental, experimental (Alastair McKinstry)
[2018-12-24] netcdf-parallel 1:4.6.2-1 MIGRATED to testing (Debian testing watch)
[2018-12-19] Accepted netcdf-parallel 1:4.6.2-1 (source amd64) into unstable (Alastair McKinstry)
[2018-12-19] netcdf-parallel 1:4.6.1-5 MIGRATED to testing (Debian testing watch)
[2018-11-26] Accepted netcdf-parallel 1:4.6.1-5 (source amd64) into unstable (Alastair McKinstry)
[2018-11-24] Accepted netcdf-parallel 1:4.6.1-4 (source amd64) into unstable (Alastair McKinstry)
[2018-11-11] netcdf-parallel 1:4.6.1-3 MIGRATED to testing (Debian testing watch)
[2018-11-08] Accepted netcdf-parallel 1:4.6.1-3 (source amd64) into unstable (Alastair McKinstry)
[2018-11-07] Accepted netcdf-parallel 1:4.6.1-2 (source amd64) into unstable (Alastair McKinstry)
[2018-11-06] Accepted netcdf-parallel 1:4.6.1-1 (source amd64) into unstable, unstable (Alastair McKinstry)

bugs [bug history graph]

all: 5
RC: 0
I&N: 4
M&W: 1
F&P: 0
patch: 1

links

homepage
lintian (0, 5)
buildd: logs, checks, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1:4.9.0-1