Register | Log in

python-internetarchive

Choose email to subscribe with

general

source: python-internetarchive (main)
version: 5.4.0-1
maintainer: Antoine Beaupré (DMD) (LowNMU)
arch: all
std-ver: 4.6.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.9.9-1
oldstable: 3.3.0-1
stable: 5.4.0-1
testing: 5.4.0-1
unstable: 5.4.0-1

versioned links

1.9.9-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.3.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
5.4.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

internetarchive
python3-internetarchive

action needed

1 security issue in trixie high

There is 1 open security issue in trixie.

1 important issue:

CVE-2025-58438: internetarchive is a Python and Command-Line Interface to Archive.org In versions 5.5.0 and below, there is a directory traversal (path traversal) vulnerability in the File.download() method of the internetarchive library. The file.download() method does not properly sanitize user-supplied filenames or validate the final download path. A maliciously crafted filename could contain path traversal sequences (e.g., ../../../../windows/system32/file.txt) or illegal characters that, when processed, would cause the file to be written outside of the intended target directory. An attacker could potentially overwrite critical system files or application configuration files, leading to a denial of service, privilege escalation, or remote code execution, depending on the context in which the library is used. The vulnerability is particularly critical for users on Windows systems, but all operating systems are affected. This issue is fixed in version 5.5.1.

Created: 2025-09-06 Last update: 2025-09-07 22:00

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2025-58438: internetarchive is a Python and Command-Line Interface to Archive.org In versions 5.5.0 and below, there is a directory traversal (path traversal) vulnerability in the File.download() method of the internetarchive library. The file.download() method does not properly sanitize user-supplied filenames or validate the final download path. A maliciously crafted filename could contain path traversal sequences (e.g., ../../../../windows/system32/file.txt) or illegal characters that, when processed, would cause the file to be written outside of the intended target directory. An attacker could potentially overwrite critical system files or application configuration files, leading to a denial of service, privilege escalation, or remote code execution, depending on the context in which the library is used. The vulnerability is particularly critical for users on Windows systems, but all operating systems are affected. This issue is fixed in version 5.5.1.

Created: 2025-09-06 Last update: 2025-09-07 22:00

1 security issue in forky high

There is 1 open security issue in forky.

1 important issue:

CVE-2025-58438: internetarchive is a Python and Command-Line Interface to Archive.org In versions 5.5.0 and below, there is a directory traversal (path traversal) vulnerability in the File.download() method of the internetarchive library. The file.download() method does not properly sanitize user-supplied filenames or validate the final download path. A maliciously crafted filename could contain path traversal sequences (e.g., ../../../../windows/system32/file.txt) or illegal characters that, when processed, would cause the file to be written outside of the intended target directory. An attacker could potentially overwrite critical system files or application configuration files, leading to a denial of service, privilege escalation, or remote code execution, depending on the context in which the library is used. The vulnerability is particularly critical for users on Windows systems, but all operating systems are affected. This issue is fixed in version 5.5.1.

Created: 2025-09-06 Last update: 2025-09-07 22:00

1 security issue in bullseye high

There is 1 open security issue in bullseye.

1 important issue:

CVE-2025-58438: internetarchive is a Python and Command-Line Interface to Archive.org In versions 5.5.0 and below, there is a directory traversal (path traversal) vulnerability in the File.download() method of the internetarchive library. The file.download() method does not properly sanitize user-supplied filenames or validate the final download path. A maliciously crafted filename could contain path traversal sequences (e.g., ../../../../windows/system32/file.txt) or illegal characters that, when processed, would cause the file to be written outside of the intended target directory. An attacker could potentially overwrite critical system files or application configuration files, leading to a denial of service, privilege escalation, or remote code execution, depending on the context in which the library is used. The vulnerability is particularly critical for users on Windows systems, but all operating systems are affected. This issue is fixed in version 5.5.1.

Created: 2025-09-06 Last update: 2025-09-07 22:00

1 security issue in bookworm high

There is 1 open security issue in bookworm.

1 important issue:

CVE-2025-58438: internetarchive is a Python and Command-Line Interface to Archive.org In versions 5.5.0 and below, there is a directory traversal (path traversal) vulnerability in the File.download() method of the internetarchive library. The file.download() method does not properly sanitize user-supplied filenames or validate the final download path. A maliciously crafted filename could contain path traversal sequences (e.g., ../../../../windows/system32/file.txt) or illegal characters that, when processed, would cause the file to be written outside of the intended target directory. An attacker could potentially overwrite critical system files or application configuration files, leading to a denial of service, privilege escalation, or remote code execution, depending on the context in which the library is used. The vulnerability is particularly critical for users on Windows systems, but all operating systems are affected. This issue is fixed in version 5.5.1.

Created: 2025-09-06 Last update: 2025-09-07 22:00

A new upstream version is available: 5.5.0 high

A new upstream version 5.5.0 is available, you should consider packaging it.

Created: 2025-07-18 Last update: 2025-09-07 21:31

lintian reports 1 warning normal

Lintian reports 1 warning about this package. You should make the package lintian clean getting rid of them.

Created: 2025-04-10 Last update: 2025-04-10 00:31

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.2 instead of 4.6.0).

Created: 2018-12-23 Last update: 2025-05-07 07:01

news

[2025-05-17] python-internetarchive 5.4.0-1 MIGRATED to testing (Debian testing watch)
[2025-05-06] Accepted python-internetarchive 5.4.0-1 (source) into unstable (Antoine Beaupré)
[2025-04-02] python-internetarchive 5.3.1-1 MIGRATED to testing (Debian testing watch)
[2025-03-27] Accepted python-internetarchive 5.3.1-1 (source) into unstable (Antoine Beaupré)
[2025-02-19] python-internetarchive 5.2.1-1 MIGRATED to testing (Debian testing watch)
[2025-02-13] Accepted python-internetarchive 5.2.1-1 (source) into unstable (Antoine Beaupré)
[2025-02-09] Accepted python-internetarchive 5.2.0-1 (source) into unstable (Antoine Beaupré)
[2025-01-14] python-internetarchive 5.1.0-1 MIGRATED to testing (Debian testing watch)
[2025-01-08] Accepted python-internetarchive 5.1.0-1 (source) into unstable (Antoine Beaupré)
[2024-12-28] python-internetarchive 5.0.5-1 MIGRATED to testing (Debian testing watch)
[2024-12-22] Accepted python-internetarchive 5.0.5-1 (source) into unstable (Antoine Beaupré)
[2024-11-18] python-internetarchive 5.0.2-1 MIGRATED to testing (Debian testing watch)
[2024-11-12] Accepted python-internetarchive 5.0.2-1 (source) into unstable (Antoine Beaupré)
[2024-04-20] python-internetarchive 3.7.0-1.1 MIGRATED to testing (Debian testing watch)
[2024-04-14] Accepted python-internetarchive 3.7.0-1.1 (source) into unstable (Alexandre Detiste)
[2024-04-01] python-internetarchive 3.7.0-1 MIGRATED to testing (Debian testing watch)
[2024-03-25] Accepted python-internetarchive 3.7.0-1 (source) into unstable (Antoine Beaupré)
[2024-01-10] python-internetarchive 3.5.0-1 MIGRATED to testing (Debian testing watch)
[2024-01-04] Accepted python-internetarchive 3.5.0-1 (source) into unstable (Antoine Beaupré)
[2023-02-06] python-internetarchive 3.3.0-1 MIGRATED to testing (Debian testing watch)
[2023-01-31] Accepted python-internetarchive 3.3.0-1 (source) into unstable (Antoine Beaupré)
[2023-01-26] Accepted python-internetarchive 3.2.0-1 (source) into unstable (Antoine Beaupré)
[2022-07-02] python-internetarchive 3.0.2-1 MIGRATED to testing (Debian testing watch)
[2022-06-26] Accepted python-internetarchive 3.0.2-1 (source) into unstable (Antoine Beaupré)
[2022-06-12] python-internetarchive 3.0.1-1 MIGRATED to testing (Debian testing watch)
[2022-06-06] Accepted python-internetarchive 3.0.1-1 (source) into unstable (Antoine Beaupré)
[2022-04-01] python-internetarchive 3.0.0-1 MIGRATED to testing (Debian testing watch)
[2022-03-21] Accepted python-internetarchive 3.0.0-1 (source) into unstable (Antoine Beaupré)
[2021-02-10] python-internetarchive 1.9.9-1 MIGRATED to testing (Debian testing watch)
[2021-02-05] Accepted python-internetarchive 1.9.9-1 (source) into unstable (Antoine Beaupré)

1
2

bugs [bug history graph]

all: 1
RC: 0
I&N: 1
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (0, 1)
buildd: logs, reproducibility
popcon
browse source code
edit tags
other distros
security tracker
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 5.4.0-1

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing