Debian Package Tracker

general

source: procps (main)
version: 2:3.3.15-1
maintainer: Craig Small [DMD]
arch: any
std-ver: 4.1.3
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1:3.3.3-3
oldstable: 2:3.3.9-9
old-sec: 2:3.3.9-9+deb8u1
stable: 2:3.3.12-3
stable-sec: 2:3.3.12-3+deb9u1
testing: 2:3.3.14-1
unstable: 2:3.3.15-1

versioned links

1:3.3.3-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2:3.3.9-9: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2:3.3.9-9+deb8u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2:3.3.12-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2:3.3.12-3+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2:3.3.14-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2:3.3.15-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libprocps-dev
libprocps7
procps

action needed

Problems while searching for a new upstream version high

uscan had problems while searching for a new upstream version:

In debian/watch no matching files for watch line
  https://gitlab.com/procps-ng/procps/tags?sort=updated_desc .*v([0-9.]+)/archive\.tar\.gz

Created: 2018-04-19 Last update: 2018-05-25 14:01

5 security issues in buster high

There are 5 open security issues in buster.

5 important issues:

CVE-2018-1122: procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.
CVE-2018-1125: procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.
CVE-2018-1124: procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.
CVE-2018-1123: procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service).
CVE-2018-1126: procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124.

Please fix them.

Created: 2018-05-17 Last update: 2018-05-25 08:04

5 security issues in wheezy high

There are 5 open security issues in wheezy.

5 important issues:

CVE-2018-1122: procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.
CVE-2018-1125: procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.
CVE-2018-1124: procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.
CVE-2018-1123: procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service).
CVE-2018-1126: procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124.

Please fix them.

Created: 2018-05-17 Last update: 2018-05-25 08:04

Depends on packages which need a new maintainer normal

The packages that procps depends on which need a new maintainer are:

dh-exec (#851746)
- Build-Depends: dh-exec

Created: 2017-12-02 Last update: 2018-05-25 14:06

3 bugs tagged help in the BTS normal

The BTS contains 3 bugs tagged help, please consider helping the maintainer in dealing with them.

Created: 2017-08-29 Last update: 2018-05-25 13:40

6 bugs tagged patch in the BTS normal

The BTS contains patches fixing 6 bugs, consider including or untagging them.

Created: 2017-11-21 Last update: 2018-05-25 13:40

lintian reports 1 warning normal

Lintian reports 1 warning about this package. You should make the package lintian clean getting rid of them.

Created: 2018-05-21 Last update: 2018-05-21 07:50

9 new commits since last upload, time to release an update? normal

vcswatch reports that this package seems to have new commits in its VCS. You should consider updating the debian/changelog and uploading this new version into the archive.

Created: 2018-05-21 Last update: 2018-05-21 01:56

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.1.4 instead of 4.1.3).

Created: 2018-04-11 Last update: 2018-05-22 19:33

testing migrations

This package is part of the ongoing testing transition known as auto-procps. Please avoid uploads unrelated to this transition, they would likely delay it and require supplementary work from the release managers. On the other hand, if your package has problems preventing it to migrate to testing, please fix them as soon as possible. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
excuses:
- Too young, only 4 of 5 days old
- old binaries left on amd64: libprocps6 (from 2:3.3.14-1) (but ignoring cruft, so nevermind)
- old binaries left on i386: libprocps6 (from 2:3.3.14-1) (but ignoring cruft, so nevermind)
- old binaries left on arm64: libprocps6 (from 2:3.3.14-1) (but ignoring cruft, so nevermind)
- old binaries left on armel: libprocps6 (from 2:3.3.14-1) (but ignoring cruft, so nevermind)
- old binaries left on armhf: libprocps6 (from 2:3.3.14-1) (but ignoring cruft, so nevermind)
- old binaries left on mips: libprocps6 (from 2:3.3.14-1) (but ignoring cruft, so nevermind)
- old binaries left on mips64el: libprocps6 (from 2:3.3.14-1) (but ignoring cruft, so nevermind)
- old binaries left on mipsel: libprocps6 (from 2:3.3.14-1) (but ignoring cruft, so nevermind)
- old binaries left on ppc64el: libprocps6 (from 2:3.3.14-1) (but ignoring cruft, so nevermind)
- old binaries left on s390x: libprocps6 (from 2:3.3.14-1) (but ignoring cruft, so nevermind)
- Piuparts tested OK - https://piuparts.debian.org/sid/source/p/procps.html
- autopkgtest for apache2/2.4.29-2: amd64: Pass
- autopkgtest for autopkgtest/5.3.1: amd64: Pass
- autopkgtest for clamav/0.100.0+dfsg-1: amd64: Pass
- autopkgtest for cmake/3.11.2-1: amd64: Pass
- autopkgtest for conntrack-tools/1:1.4.5-1: amd64: Pass
- autopkgtest for corosync/2.4.4-3: amd64: Pass
- autopkgtest for cups/2.2.7-5: amd64: Pass
- autopkgtest for gamera/1:3.4.2+git20160808.1725654-2: amd64: Pass
- autopkgtest for gearmand/1.1.18+ds-1: amd64: Pass
- autopkgtest for gunicorn/19.8.1-1: amd64: Pass
- autopkgtest for libdbd-mysql-perl/4.046-1: amd64: Pass
- autopkgtest for libtest-corpus-audio-mpd-perl/1.120990-2: amd64: Pass
- autopkgtest for munin/2.0.37-1: amd64: Pass
- autopkgtest for nama/1.208-2: amd64: Pass
- autopkgtest for nodejs/8.11.2~dfsg-1: amd64: Pass
- autopkgtest for openssh/1:7.7p1-2: amd64: Pass
- autopkgtest for php7.0/7.0.29-1: amd64: Pass
- autopkgtest for postgresql-common/191: amd64: Pass
- autopkgtest for pslist/1.4.0-1: amd64: Pass
- autopkgtest for python-afl/0.7-1: amd64: Pass
- autopkgtest for rc/1.7.4-1: amd64: Pass
- autopkgtest for reprotest/0.7.7: amd64: Always failed
- autopkgtest for rhinote/0.7.4-3: amd64: Pass
- autopkgtest for s3ql/2.26+dfsg-4: amd64: Pass
- autopkgtest for samba/2:4.7.4+dfsg-2: amd64: Pass
- autopkgtest for screenfetch/3.8.0-8: amd64: Pass
- autopkgtest for smcroute/2.0.0-6: amd64: Pass
- autopkgtest for spamassassin/3.4.1-8: amd64: Pass
- autopkgtest for spectrwm/3.1.0-4: amd64: Pass
- autopkgtest for suricata/1:4.0.4-1: amd64: Pass
- autopkgtest for systemd/238-4: amd64: Always failed
- autopkgtest for tracker-miners/2.0.4-2: amd64: Pass
- autopkgtest for virtualbox/5.2.10-dfsg-6: amd64: Always failed
- Not considered

news

[rss feed]

[2018-05-22] Accepted procps 2:3.3.12-3+deb9u1 (source) into stable->embargoed, stable (Salvatore Bonaccorso)
[2018-05-22] Accepted procps 2:3.3.9-9+deb8u1 (source) into oldstable->embargoed, oldstable (Salvatore Bonaccorso)
[2018-05-20] Accepted procps 2:3.3.15-1 (source amd64) into unstable, unstable (Craig Small)
[2018-04-16] procps 2:3.3.14-1 MIGRATED to testing (Debian testing watch)
[2018-04-10] Accepted procps 2:3.3.14-1 (source amd64) into unstable (Craig Small)
[2018-04-02] Accepted procps 2:3.3.13-1 (source amd64) into unstable (Craig Small)
[2018-02-15] procps 2:3.3.12-4 MIGRATED to testing (Debian testing watch)
[2018-02-10] Accepted procps 2:3.3.12-4 (source amd64) into unstable (Craig Small)
[2016-11-28] procps 2:3.3.12-3 MIGRATED to testing (Debian testing watch)
[2016-11-22] Accepted procps 2:3.3.12-3 (source amd64) into unstable (Craig Small)
[2016-07-19] procps 2:3.3.12-2 MIGRATED to testing (Debian testing watch)
[2016-07-13] Accepted procps 2:3.3.12-2 (source amd64) into unstable (Craig Small)
[2016-07-10] Accepted procps 2:3.3.12-1 (source amd64) into unstable, unstable (Craig Small)
[2016-01-08] procps 2:3.3.11-3 MIGRATED to testing (Debian testing watch)
[2016-01-03] Accepted procps 2:3.3.11-3 (source amd64) into unstable (Craig Small)
[2015-09-05] Accepted procps 2:3.3.10-4 (source amd64) into unstable (Craig Small)
[2015-09-03] Accepted procps 2:3.3.10-3 (source amd64) into unstable (Craig Small)
[2015-08-13] Accepted procps 2:3.3.11-2 (source amd64) into experimental, experimental (Craig Small)
[2015-07-02] procps 2:3.3.10-2 MIGRATED to testing (Britney)
[2015-06-26] Accepted procps 2:3.3.10-2 (source amd64) into unstable, unstable (Craig Small)
[2015-06-26] Accepted procps 2:3.3.10-1 (source amd64) into unstable, unstable (Craig Small)
[2015-03-09] procps 2:3.3.9-9 MIGRATED to testing (Britney)
[2015-03-06] Accepted procps 2:3.3.9-9 (source amd64) into unstable (Craig Small)
[2014-10-03] procps 2:3.3.9-8 MIGRATED to testing (Britney)
[2014-09-28] Accepted procps 2:3.3.9-8 (source amd64) into unstable (Craig Small)
[2014-09-24] Accepted procps 1:3.3.10-1 (source amd64) into unstable, unstable (Craig Small)
[2014-07-19] procps 1:3.3.9-7 MIGRATED to testing (Britney)
[2014-07-13] Accepted procps 1:3.3.9-7 (source amd64) (Craig Small)
[2014-06-28] Accepted procps 1:3.3.9-6 (source amd64) (Craig Small)
[2014-06-02] procps 1:3.3.9-5 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 67 69
RC: 0
I&N: 16 18
M&W: 50
F&P: 1
help: 3

links

homepage
lintian (0, 1)
buildd: logs, clang, reproducibility
popcon
browse source code
edit tags
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2:3.3.12-3ubuntu2
112 bugs (4 patches)
patches for 2:3.3.12-3ubuntu2