Register | Log in

p7zip

transitional package

Choose email to subscribe with

general

source: p7zip (main)
version: 16.02+transitional.1
maintainer: Robert Luberda (DMD)
arch: all
std-ver: 4.6.2
VCS: Git (Browse)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 16.02+dfsg-8
oldstable: 16.02+dfsg-8
stable: 16.02+transitional.1

versioned links

16.02+dfsg-8: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
16.02+transitional.1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

p7zip
p7zip-full

package is gone

This package is not in any development repository. This probably means that the package has been removed (or has been renamed). Thus the information here is of little interest ... the package is going to disappear unless someone takes it over and reintroduces it.

action needed

4 low-priority security issues in bookworm low

There are 4 open security issues in bookworm.

4 issues left for the package maintainer to handle:

CVE-2023-52168: (needs triaging) The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains a heap-based buffer overflow that allows an attacker to overwrite two bytes at multiple offsets beyond the allocated buffer size: buffer+512*i-2, for i=9, i=10, i=11, etc.
CVE-2025-11001: (needs triaging) 7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the handling of symbolic links in ZIP files. Crafted data in a ZIP file can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of a service account. Was ZDI-CAN-26753.
CVE-2025-11002: (needs triaging)
CVE-2025-55188: (needs triaging) 7-Zip before 25.01 does not always properly handle symbolic links during extraction.

You can find information about how to handle these issues in the security team's documentation.

Created: 2024-11-09 Last update: 2025-11-21 07:00

news

[2025-09-22] p7zip REMOVED from testing (Debian testing watch)
[2025-09-08] Removed 16.02+transitional.1 from unstable (Debian FTP Masters)
[2024-01-21] p7zip 16.02+transitional.1 MIGRATED to testing (Debian testing watch)
[2024-01-10] Accepted p7zip 16.02+transitional.1 (source) into unstable (Robert Luberda)
[2020-08-20] p7zip 16.02+dfsg-8 MIGRATED to testing (Debian testing watch)
[2020-08-20] p7zip 16.02+dfsg-8 MIGRATED to testing (Debian testing watch)
[2020-08-15] Accepted p7zip 16.02+dfsg-8 (source) into unstable (Robert Luberda)
[2019-08-15] p7zip 16.02+dfsg-7 MIGRATED to testing (Debian testing watch)
[2019-08-09] Accepted p7zip 16.02+dfsg-7 (source) into unstable (Robert Luberda)
[2018-02-11] p7zip 16.02+dfsg-6 MIGRATED to testing (Debian testing watch)
[2018-02-10] Accepted p7zip 9.20.1~dfsg.1-4.1+deb8u3 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Salvatore Bonaccorso)
[2018-02-09] Accepted p7zip 16.02+dfsg-3+deb9u1 (source) into proposed-updates->stable-new, proposed-updates (Salvatore Bonaccorso)
[2018-02-05] Accepted p7zip 16.02+dfsg-6 (source amd64) into unstable (Robert Luberda)
[2018-02-03] p7zip 16.02+dfsg-5 MIGRATED to testing (Debian testing watch)
[2018-02-02] Accepted p7zip 9.20.1~dfsg.1-4+deb7u3 (source amd64) into oldoldstable (Antoine Beaupré)
[2018-01-28] Accepted p7zip 16.02+dfsg-5 (source amd64) into unstable (Robert Luberda)
[2017-07-23] p7zip 16.02+dfsg-4 MIGRATED to testing (Debian testing watch)
[2017-07-15] Accepted p7zip 16.02+dfsg-4 (source amd64) into unstable (Robert Luberda)
[2017-04-13] p7zip 16.02+dfsg-3 MIGRATED to testing (Debian testing watch)
[2017-04-10] Accepted p7zip 16.02+dfsg-3 (source) into unstable (Robert Luberda)
[2016-11-25] p7zip 16.02+dfsg-2 MIGRATED to testing (Debian testing watch)
[2016-11-19] Accepted p7zip 16.02+dfsg-2 (source) into unstable (Robert Luberda)
[2016-08-26] p7zip 16.02+dfsg-1 MIGRATED to testing (Debian testing watch)
[2016-08-15] Accepted p7zip 16.02+dfsg-1 (source) into unstable (Robert Luberda)
[2016-06-10] Accepted p7zip 9.20.1~dfsg.1-4+deb7u2 (source i386) into oldstable (signed by: Brian May)
[2016-06-09] Accepted p7zip 9.20.1~dfsg.1-4.1+deb8u2 (source) into proposed-updates->stable-new, proposed-updates (Salvatore Bonaccorso)
[2016-05-18] p7zip 15.14.1+dfsg-2 MIGRATED to testing (Debian testing watch)
[2016-05-15] Accepted p7zip 15.14.1+dfsg-2 (source) into unstable (Robert Luberda)
[2016-04-28] p7zip 15.14.1+dfsg-1 MIGRATED to testing (Debian testing watch)
[2016-04-16] Accepted p7zip 15.14.1+dfsg-1 (source) into unstable (Robert Luberda)

1
2

bugs [bug history graph]

all: 0

links

homepage
buildd: logs
popcon
browse source code
edit tags
other distros
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 16.02+transitional.1
26 bugs (1 patch)

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing