zlib - Debian Package Tracker

general

source: zlib (main)
version: 1:1.3.dfsg+really1.3.2-3
maintainer: Mark Brown (DMD)
arch: any
std-ver: 4.6.1
VCS: unknown

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1:1.2.11.dfsg-2+deb11u2
o-o-sec: 1:1.2.11.dfsg-2+deb11u2
oldstable: 1:1.2.13.dfsg-1
stable: 1:1.3.dfsg+really1.3.1-1
testing: 1:1.3.dfsg+really1.3.1-3
unstable: 1:1.3.dfsg+really1.3.2-3

versioned links

1:1.2.11.dfsg-2+deb11u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:1.2.13.dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:1.3.dfsg+really1.3.1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:1.3.dfsg+really1.3.1-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:1.3.dfsg+really1.3.2-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

lib32z1
lib32z1-dev
lib64z1
lib64z1-dev
libminizip-dev
libminizip1t64
libn32z1
libn32z1-dev
minizip (4 bugs: 0, 1, 3, 0)
zlib1g (5 bugs: 0, 2, 3, 0)
zlib1g-dev (4 bugs: 0, 1, 3, 0)
zlib1g-udeb

action needed

lintian reports 1 error and 4 warnings high

Lintian reports 1 error and 4 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2026-04-02 Last update: 2026-04-02 09:00

1 security issue in forky high

There is 1 open security issue in forky.

1 important issue:

CVE-2026-27171: zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.

Created: 2026-02-18 Last update: 2026-04-02 04:32

The package has not entered testing even though the delay is over normal

The package has not entered testing even though the 10-day delay is over. Check why.

Created: 2026-04-12 Last update: 2026-04-15 05:01

1 bug tagged patch in the BTS normal

The BTS contains patches fixing 1 bug, consider including or untagging them.

Created: 2026-04-06 Last update: 2026-04-15 05:00

debian/patches: 2 patches to forward upstream low

Among the 2 debian patches available in version 1:1.3.dfsg+really1.3.2-3 of the package, we noticed the following issues:

2 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2026-03-31 Last update: 2026-04-02 09:33

1 low-priority security issue in trixie low

There is 1 open security issue in trixie.

1 issue left for the package maintainer to handle:

CVE-2026-27171: (needs triaging) zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.

You can find information about how to handle this issue in the security team's documentation.

Created: 2026-02-18 Last update: 2026-04-02 04:32

2 low-priority security issues in bookworm low

There are 2 open security issues in bookworm.

1 issue left for the package maintainer to handle:

CVE-2026-27171: (needs triaging) zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.

You can find information about how to handle this issue in the security team's documentation.

1 ignored issue:

CVE-2023-45853: MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.

Created: 2023-12-09 Last update: 2026-04-02 04:32

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.4 instead of 4.6.1).

Created: 2022-12-17 Last update: 2026-04-02 07:32

testing migrations

This package is part of the ongoing testing transition known as s390-31-bit-rm. Please avoid uploads unrelated to this transition, they would likely delay it and require supplementary work from the release managers. On the other hand, if your package has problems preventing it to migrate to testing, please fix them as soon as possible. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
excuses:
- Migration status for zlib (1:1.3.dfsg+really1.3.1-3 to 1:1.3.dfsg+really1.3.2-3): BLOCKED: Rejected/violates migration policy/introduces a regression
- Issues preventing migration:
- ∙ ∙ Autopkgtest for aevol/9.3.0-1: amd64: Ignored failure ♻ (reference ♻), arm64: Ignored failure ♻ (reference ♻), ppc64el: Ignored failure ♻ (reference ♻), riscv64: Ignored failure ♻ (reference ♻), s390x: Test triggered (failure will be ignored)
- ∙ ∙ Autopkgtest for binutils/2.46-3: amd64: Pass, arm64: Pass, i386: Pass, ppc64el: Pass, riscv64: Test triggered (failure will be ignored), s390x: Pass
- ∙ ∙ Autopkgtest for burp/3.1.4-5: amd64: Regression ♻ (reference ♻), arm64: Regression ♻ (reference ♻), i386: Regression ♻ (reference ♻), ppc64el: Regression ♻ (reference ♻), riscv64: Regression ♻ (reference ♻), s390x: Regression ♻ (reference ♻)
- ∙ ∙ Autopkgtest for clamav/1.4.3+dfsg-2: amd64: Regression ♻ (reference ♻), arm64: Regression ♻ (reference ♻), i386: Regression ♻ (reference ♻), ppc64el: Failed (not a regression) ♻ (reference ♻), riscv64: Failed (not a regression) ♻ (reference ♻), s390x: Failed (not a regression) ♻ (reference ♻)
- ∙ ∙ Autopkgtest for cmake/4.3.1-1: amd64: Pass, arm64: Pass, i386: Pass, ppc64el: Pass, riscv64: Test triggered (failure will be ignored), s390x: Pass
- ∙ ∙ Autopkgtest for cyrus-imapd/3.12.2-1: amd64: Pass, arm64: Test triggered (failure will be ignored), i386: Failed (not a regression) ♻ (reference ♻), ppc64el: Pass, riscv64: Pass, s390x: Pass
- ∙ ∙ Autopkgtest for dcmtk/3.7.0+really3.6.9-1: s390x: Pass ♻
- ∙ ∙ Autopkgtest for haskell-futhark/0.25.32-3: amd64: Pass, arm64: Pass, i386: No tests, superficial or marked flaky ♻, ppc64el: Pass, riscv64: Test triggered (failure will be ignored), s390x: No tests, superficial or marked flaky ♻
- ∙ ∙ Autopkgtest for kicad/9.0.8+dfsg-1: amd64: No tests, superficial or marked flaky ♻, arm64: No tests, superficial or marked flaky ♻, i386: No tests, superficial or marked flaky ♻, ppc64el: No tests, superficial or marked flaky ♻, riscv64: No tests, superficial or marked flaky ♻
- ∙ ∙ Autopkgtest for libreoffice/4:26.2.2.2-3: amd64: Pass, arm64: Test triggered (failure will be ignored), i386: Test triggered (failure will be ignored), ppc64el: Pass, riscv64: Failed (not a regression) ♻ (reference ♻), s390x: Pass
- ∙ ∙ Autopkgtest for nmap/7.99+dfsg-1: amd64: No tests, superficial or marked flaky ♻, arm64: No tests, superficial or marked flaky ♻, i386: No tests, superficial or marked flaky ♻, ppc64el: No tests, superficial or marked flaky ♻, riscv64: No tests, superficial or marked flaky ♻, s390x: Test triggered
- ∙ ∙ Autopkgtest for nodejs/22.22.2+dfsg+~cs22.19.15-1: amd64: Pass, arm64: Pass, i386: Pass, ppc64el: Pass, riscv64: Test triggered (failure will be ignored), s390x: Pass
- ∙ ∙ Autopkgtest for openbabel/3.1.1+dfsg-14: amd64: Pass, arm64: Test triggered (failure will be ignored), i386: Pass, ppc64el: Test triggered (failure will be ignored), riscv64: Test triggered (failure will be ignored), s390x: Test triggered (failure will be ignored)
- ∙ ∙ Autopkgtest for openjdk-21/21.0.11~8ea-1: amd64: Pass ♻, i386: Pass ♻, s390x: Pass ♻
- ∙ ∙ Autopkgtest for openjdk-21: arm64: Test triggered (failure will be ignored), ppc64el: Test triggered (failure will be ignored), riscv64: Test triggered (failure will be ignored)
- ∙ ∙ Autopkgtest for openjdk-25/25.0.3~7ea-2: amd64: Pass ♻ (reference ♻), i386: Pass ♻ (reference ♻), s390x: Pass ♻
- ∙ ∙ Autopkgtest for openjdk-25: arm64: Test triggered (failure will be ignored), ppc64el: Test triggered (failure will be ignored), riscv64: Test triggered (failure will be ignored)
- ∙ ∙ Autopkgtest for openjdk-26: arm64: Test triggered (failure will be ignored), ppc64el: Test triggered (failure will be ignored), riscv64: Test triggered (failure will be ignored)
- ∙ ∙ Autopkgtest for opensaml/3.3.1-4: amd64: Pass, arm64: Pass, i386: Pass, ppc64el: Pass, riscv64: Test triggered (failure will be ignored), s390x: Pass
- ∙ ∙ Autopkgtest for ostree/2025.7-3: s390x: Pass ♻
- ∙ ∙ Autopkgtest for pciutils/1:3.15.0-1: amd64: No tests, superficial or marked flaky ♻, arm64: No tests, superficial or marked flaky ♻, i386: No tests, superficial or marked flaky ♻, ppc64el: No tests, superficial or marked flaky ♻, riscv64: Regression ♻ (reference ♻), s390x: No tests, superficial or marked flaky ♻
- ∙ ∙ Autopkgtest for php8.4/8.4.16-1: ppc64el: Pass ♻, s390x: Pass ♻
- ∙ ∙ Autopkgtest for python3.13/3.13.12-1: amd64: Pass, arm64: Pass, i386: Pass, ppc64el: Pass, riscv64: Test triggered (failure will be ignored), s390x: Pass
- ∙ ∙ Autopkgtest for python3.14/3.14.3-3: amd64: Pass, arm64: Pass, i386: Pass, ppc64el: Pass, riscv64: Test triggered (failure will be ignored), s390x: Pass
- ∙ ∙ Autopkgtest for rnp/0.18.1-1: s390x: Pass ♻
- ∙ ∙ Autopkgtest for seafile/9.0.16-1: s390x: No tests, superficial or marked flaky ♻
- ∙ ∙ Autopkgtest for thunderbird/1:140.9.0esr-1: amd64: Pass, arm64: Test triggered (failure will be ignored), i386: Pass, ppc64el: No tests, superficial or marked flaky ♻, riscv64: Test triggered (failure will be ignored)
- ∙ ∙ Autopkgtest for zlib/1:1.3.dfsg+really1.3.2-3: amd64: Pass, arm64: Pass, i386: Pass, ppc64el: Pass, riscv64: Pass, s390x: Pass
- Additional info (not blocking):
- ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/z/zlib.html
- ∙ ∙ Reproduced on amd64
- ∙ ∙ Reproduced on arm64
- ∙ ∙ Reproduced on armhf
- ∙ ∙ Reproduced on i386
- ∙ ∙ Reproduced on ppc64el
- ∙ ∙ 13 days old (needed 10 days)
- Not considered

news

[rss feed]

[2026-04-01] Accepted zlib 1:1.3.dfsg+really1.3.2-3 (source) into unstable (Mark Brown)
[2026-03-30] Accepted zlib 1:1.3.dfsg+really1.3.2-2 (source) into unstable (Mark Brown)
[2026-03-26] Accepted zlib 1:1.3.dfsg+really1.3.2-1 (source) into unstable (Mark Brown)
[2026-02-21] zlib 1:1.3.dfsg+really1.3.1-3 MIGRATED to testing (Debian testing watch)
[2026-02-16] Accepted zlib 1:1.3.dfsg+really1.3.1-3 (source) into unstable (Mark Brown)
[2026-01-31] Accepted zlib 1:1.3.dfsg+really1.3.1-2 (source) into unstable (Mark Brown)
[2024-05-20] zlib 1:1.3.dfsg+really1.3.1-1 MIGRATED to testing (Debian testing watch)
[2024-05-10] Accepted zlib 1:1.3.dfsg+really1.3.1-1 (source) into unstable (Mark Brown)
[2024-04-27] zlib 1:1.3.dfsg-3.1 MIGRATED to testing (Debian testing watch)
[2024-03-01] Accepted zlib 1:1.3.dfsg-3.1 (source) into unstable (Benjamin Drung)
[2024-02-05] Accepted zlib 1:1.3.dfsg-3.1~exp1 (source) into experimental (Steve Langasek)
[2023-12-23] zlib 1:1.3.dfsg-3 MIGRATED to testing (Debian testing watch)
[2023-12-22] zlib 1:1.3.dfsg-3 MIGRATED to testing (Debian testing watch)
[2023-11-23] Accepted zlib 1:1.3.dfsg-3 (source) into unstable (Mark Brown)
[2023-11-17] Accepted zlib 1:1.3.dfsg-2 (source) into unstable (Mark Brown)
[2023-11-17] Accepted zlib 1:1.3.dfsg-1 (source) into unstable (Mark Brown)
[2023-08-24] zlib 1:1.2.13.dfsg-3 MIGRATED to testing (Debian testing watch)
[2023-08-15] Accepted zlib 1:1.2.13.dfsg-3 (source) into unstable (Mark Brown)
[2023-08-14] Accepted zlib 1:1.2.13.dfsg-2 (source) into unstable (Mark Brown)
[2022-12-12] zlib 1:1.2.13.dfsg-1 MIGRATED to testing (Debian testing watch)
[2022-11-05] Accepted zlib 1:1.2.13.dfsg-1 (source) into unstable (Mark Brown)
[2022-09-12] Accepted zlib 1:1.2.11.dfsg-1+deb10u2 (source) into oldstable (Emilio Pozuelo Monfort)
[2022-08-26] Accepted zlib 1:1.2.11.dfsg-2+deb11u2 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
[2022-08-25] Accepted zlib 1:1.2.11.dfsg-2+deb11u2 (source) into stable-security->embargoed, stable-security (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
[2022-08-23] zlib 1:1.2.11.dfsg-4.1 MIGRATED to testing (Debian testing watch)
[2022-08-17] Accepted zlib 1:1.2.11.dfsg-4.1 (source) into unstable (Salvatore Bonaccorso)
[2022-04-17] Accepted zlib 1:1.2.11.dfsg-1+deb10u1 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
[2022-04-17] Accepted zlib 1:1.2.11.dfsg-2+deb11u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
[2022-04-02] Accepted zlib 1:1.2.8.dfsg-5+deb9u1 (source) into oldoldstable (Anton Gladky)
[2022-04-01] Accepted zlib 1:1.2.11.dfsg-2+deb11u1 (source) into stable-security->embargoed, stable-security (Debian FTP Masters) (signed by: Salvatore Bonaccorso)

bugs [bug history graph]

all: 17 18
RC: 0
I&N: 6
M&W: 11 12
F&P: 0
patch: 1

links

homepage
lintian (1, 4)
buildd: logs, reproducibility, cross
popcon
browse source code
other distros
security tracker
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1:1.3.dfsg+really1.3.1-1ubuntu3
26 bugs (2 patches)
patches for 1:1.3.dfsg+really1.3.1-1ubuntu3