Information on source package rpm

Available versions

ReleaseVersion
buster4.14.2.1+dfsg1-1
bullseye4.16.1.2+dfsg1-3
bookworm4.18.0+dfsg-1
sid4.18.0+dfsg-1

Open issues

BugbusterbullseyebookwormsidDescription
CVE-2021-35939vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)vulnerablevulnerableIt was found that the fix for CVE-2017-7500 and CVE-2017-7501 was inco ...
CVE-2021-35938vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)vulnerablevulnerableA symbolic link issue was found in rpm. It occurs when rpm sets the de ...
CVE-2021-35937vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)vulnerablevulnerableA race condition vulnerability was found in rpm. A local unprivileged ...
CVE-2021-20271vulnerable (no DSA)fixedfixedfixedA flaw was found in RPM's signature check functionality when reading a ...
CVE-2021-20266vulnerable (no DSA)fixedfixedfixedA flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw all ...
CVE-2021-3521vulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableThere is a flaw in RPM's signature functionality. OpenPGP subkeys are ...
CVE-2021-3421vulnerable (no DSA)fixedfixedfixedA flaw was found in the RPM package in the read functionality. This fl ...

Open unimportant issues

BugbusterbullseyebookwormsidDescription
CVE-2017-7501vulnerablevulnerablevulnerablevulnerableIt was found that versions of rpm before 4.13.0.2 use temporary files ...
CVE-2017-7500vulnerablevulnerablevulnerablevulnerableIt was found that rpm did not properly handle RPM installations when a ...
CVE-2010-2199vulnerablevulnerablevulnerablevulnerablelib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadat ...
CVE-2010-2198vulnerablevulnerablevulnerablevulnerablelib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadat ...

Resolved issues

BugDescription
CVE-2014-8118CVE-2014-8118 rpm: integer overflow and stack overflow in CPIO header ...
CVE-2013-6435It was found that RPM wrote file contents to the target installation d ...
CVE-2012-6088The rpmpkgRead function in lib/package.c in RPM 4.10.x before 4.10.2 d ...
CVE-2012-0815The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 al ...
CVE-2012-0061The headerLoad function in lib/header.c in RPM before 4.9.1.3 does not ...
CVE-2012-0060RPM before 4.9.1.3 does not properly validate region tags, which allow ...
CVE-2011-3378CVE-2011-3378 rpm: crashes and overflows on malformed header ...
CVE-2010-2197rpmbuild in RPM 4.8.0 and earlier does not properly parse the syntax o ...
CVE-2010-2059CVE-2010-2059 rpm: fails to drop SUID/SGID bits on package upgrade ...
CVE-2006-5466CVE-2006-5466 RPM Crash after listing contents of non-installed packag ...
CVE-2005-4889lib/fsm.c in RPM before 4.4.3 does not properly reset the metadata of ...
CVE-2005-2096CVE-2005-2096 zlib DoS ...

Security announcements

DSA / DLADescription
DLA-140-1rpm - security update
DSA-3129-1rpm - security update
Search for package or bug name: Reporting problems