nmap - Debian Package Tracker

general

source: nmap (main)
version: 7.99+dfsg-1
maintainer: Debian Security Tools (DMD)
uploaders: Hilko Bengen [DMD] – Samuel Henrique [DMD]
arch: all any
std-ver: 4.7.4
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 7.91+dfsg1+really7.80+dfsg1-2
oldstable: 7.93+dfsg1-1
old-bpo: 7.94+git20230807.3be01efb1+dfsg-4~bpo12+1
stable: 7.95+dfsg-3
stable-bpo: 7.98+dfsg-1~bpo13+1
testing: 7.99+dfsg-1
unstable: 7.99+dfsg-1

versioned links

7.91+dfsg1+really7.80+dfsg1-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
7.93+dfsg1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
7.94+git20230807.3be01efb1+dfsg-4~bpo12+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
7.95+dfsg-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
7.98+dfsg-1~bpo13+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
7.99+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

ncat (2 bugs: 0, 1, 1, 0)
ndiff
nmap (7 bugs: 0, 4, 3, 0)
nmap-common (1 bugs: 0, 0, 1, 0)
zenmap (2 bugs: 0, 1, 1, 0)

action needed

1 security issue in trixie high

There is 1 open security issue in trixie.

1 important issue:

CVE-2026-58058: Nmap through 7.99 does not keep the IPv6 extension-header walk within the captured packet in ipv6_get_data_primitive (libnetutil/netutil.cc), so the pointer advances past the buffer and the remaining-length computation underflows to a large value. A scanned target or on-path attacker returning a crafted IPv6 response with a truncated extension header can trigger out-of-bounds reads and a crash during raw IPv6 scans.

Created: 2026-06-28 Last update: 2026-06-28 17:01

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2026-58058: Nmap through 7.99 does not keep the IPv6 extension-header walk within the captured packet in ipv6_get_data_primitive (libnetutil/netutil.cc), so the pointer advances past the buffer and the remaining-length computation underflows to a large value. A scanned target or on-path attacker returning a crafted IPv6 response with a truncated extension header can trigger out-of-bounds reads and a crash during raw IPv6 scans.

Created: 2026-06-28 Last update: 2026-06-28 17:01

1 security issue in forky high

There is 1 open security issue in forky.

1 important issue:

CVE-2026-58058: Nmap through 7.99 does not keep the IPv6 extension-header walk within the captured packet in ipv6_get_data_primitive (libnetutil/netutil.cc), so the pointer advances past the buffer and the remaining-length computation underflows to a large value. A scanned target or on-path attacker returning a crafted IPv6 response with a truncated extension header can trigger out-of-bounds reads and a crash during raw IPv6 scans.

Created: 2026-06-28 Last update: 2026-06-28 17:01

1 security issue in bullseye high

There is 1 open security issue in bullseye.

1 important issue:

CVE-2026-58058: Nmap through 7.99 does not keep the IPv6 extension-header walk within the captured packet in ipv6_get_data_primitive (libnetutil/netutil.cc), so the pointer advances past the buffer and the remaining-length computation underflows to a large value. A scanned target or on-path attacker returning a crafted IPv6 response with a truncated extension header can trigger out-of-bounds reads and a crash during raw IPv6 scans.

Created: 2026-06-28 Last update: 2026-06-28 17:01

1 security issue in bookworm high

There is 1 open security issue in bookworm.

1 important issue:

CVE-2026-58058: Nmap through 7.99 does not keep the IPv6 extension-header walk within the captured packet in ipv6_get_data_primitive (libnetutil/netutil.cc), so the pointer advances past the buffer and the remaining-length computation underflows to a large value. A scanned target or on-path attacker returning a crafted IPv6 response with a truncated extension header can trigger out-of-bounds reads and a crash during raw IPv6 scans.

Created: 2026-06-28 Last update: 2026-06-28 17:01

1 bug tagged patch in the BTS normal

The BTS contains patches fixing 1 bug, consider including or untagging them.

Created: 2026-06-02 Last update: 2026-06-29 19:01

lintian reports 9 warnings normal

Lintian reports 9 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2026-04-10 Last update: 2026-05-27 12:01

AppStream hints: 2 warnings for zenmap normal

AppStream found metadata issues for packages:

zenmap: 2 warnings

You should get rid of them to provide more metadata about this software.

Created: 2024-02-12 Last update: 2025-02-02 04:30

Issues found with some translations low

Automatic checks made by the Debian l10n team found some issues with the translations contained in this package. You should check the l10n status report for more information.

Issues can be things such as missing translations, problematic translated strings, outdated PO files, unknown languages, etc.

Created: 2026-04-10 Last update: 2026-04-10 12:31

debian/patches: 3 patches to forward upstream low

Among the 4 debian patches available in version 7.99+dfsg-1 of the package, we noticed the following issues:

3 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-02-26 Last update: 2026-04-09 17:01

testing migrations

This package will soon be part of the auto-liblinear transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
This package will soon be part of the auto-openssl transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.

news

[rss feed]

[2026-04-14] nmap 7.99+dfsg-1 MIGRATED to testing (Debian testing watch)
[2026-04-09] Accepted nmap 7.99+dfsg-1 (source) into unstable (Arnaud Rebillout)
[2025-11-06] Accepted nmap 7.98+dfsg-1~bpo13+1 (source amd64 all) into stable-backports (Debian FTP Masters) (signed by: Samuel Henrique)
[2025-11-04] nmap 7.98+dfsg-1 MIGRATED to testing (Debian testing watch)
[2025-10-29] Accepted nmap 7.98+dfsg-1 (source) into unstable (Samuel Henrique)
[2025-04-03] nmap 7.95+dfsg-3 MIGRATED to testing (Debian testing watch)
[2025-03-29] Accepted nmap 7.95+dfsg-3 (source) into unstable (Sven Geuer)
[2025-02-07] nmap 7.95+dfsg-2 MIGRATED to testing (Debian testing watch)
[2025-02-01] Accepted nmap 7.95+dfsg-2 (source) into unstable (Hilko Bengen)
[2024-12-05] nmap 7.95+dfsg-1 MIGRATED to testing (Debian testing watch)
[2024-12-02] Accepted nmap 7.94+git20230807.3be01efb1+dfsg-4~bpo12+1 (source amd64 all) into stable-backports (Debian FTP Masters) (signed by: Samuel Henrique)
[2024-11-29] Accepted nmap 7.95+dfsg-1 (source) into unstable (Hilko Bengen)
[2024-06-10] nmap 7.94+git20230807.3be01efb1+dfsg-4 MIGRATED to testing (Debian testing watch)
[2024-06-04] Accepted nmap 7.94+git20230807.3be01efb1+dfsg-4 (source) into unstable (Antonio Terceiro)
[2024-02-12] Accepted nmap 7.94+git20230807.3be01efb1+dfsg-3 (source amd64 all) into unstable (Debian FTP Masters) (signed by: Hilko Bengen)
[2023-11-03] nmap 7.94+git20230807.3be01efb1+dfsg-2 MIGRATED to testing (Debian testing watch)
[2023-10-29] Accepted nmap 7.94+git20230807.3be01efb1+dfsg-2 (source) into unstable (Sergio de Almeida Cipriano Junior) (signed by: Samuel Henrique)
[2023-08-16] Accepted nmap 7.94+git20230807.3be01efb1+dfsg-1~bpo12+1 (source) into stable-backports (Samuel Henrique)
[2023-08-15] Accepted nmap 7.94+dfsg1-3~bpo12+1 (source amd64 all) into stable-backports (Debian FTP Masters) (signed by: Samuel Henrique)
[2023-08-13] nmap 7.94+git20230807.3be01efb1+dfsg-1 MIGRATED to testing (Debian testing watch)
[2023-08-07] Accepted nmap 7.94+git20230807.3be01efb1+dfsg-1 (source) into unstable (Samuel Henrique)
[2023-08-07] Accepted nmap 7.94+dfsg1-4 (source) into unstable (Samuel Henrique)
[2023-08-02] nmap 7.94+dfsg1-3 MIGRATED to testing (Debian testing watch)
[2023-07-27] Accepted nmap 7.94+dfsg1-3 (source) into unstable (Samuel Henrique)
[2023-07-04] Accepted nmap 7.94+dfsg1-2 (source) into unstable (Hilko Bengen)
[2023-06-13] Accepted nmap 7.94+dfsg1-1 (source) into unstable (Samuel Henrique)
[2023-05-28] Accepted nmap 7.94+dfsg1-1~exp1 (source) into experimental (Samuel Henrique)
[2023-01-22] Accepted nmap 7.93+dfsg1-1~bpo11+1 (source) into bullseye-backports (Samuel Henrique)
[2023-01-22] nmap 7.93+dfsg1-1 MIGRATED to testing (Debian testing watch)
[2023-01-22] nmap 7.93+dfsg1-1 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 13
RC: 0
I&N: 7
M&W: 6
F&P: 0
patch: 1

links

homepage
lintian (0, 9)
buildd: logs, reproducibility, cross
popcon
browse source code
other distros
security tracker
screenshots
l10n (-, 80)
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 7.99+dfsg-1ubuntu1
patches for 7.99+dfsg-1ubuntu1