Information on source package rpm

Available versions

ReleaseVersion
buster4.14.2.1+dfsg1-1
bullseye4.16.1.2+dfsg1-3
bookworm4.17.1.1+dfsg-1
sid4.17.1.1+dfsg-1

Open issues

BugbusterbullseyebookwormsidDescription
CVE-2021-35939vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)vulnerablevulnerableIt was found that the fix for CVE-2017-7500 and CVE-2017-7501 was inco ...
CVE-2021-35938vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)vulnerablevulnerableA symbolic link issue was found in rpm. It occurs when rpm sets the de ...
CVE-2021-35937vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)vulnerablevulnerableA race condition vulnerability was found in rpm. A local unprivileged ...
CVE-2021-20271vulnerable (no DSA)fixedfixedfixedA flaw was found in RPM's signature check functionality when reading a ...
CVE-2021-20266vulnerable (no DSA)fixedfixedfixedA flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw all ...
CVE-2021-3521vulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableThere is a flaw in RPM's signature functionality. OpenPGP subkeys are ...
CVE-2021-3421vulnerable (no DSA)fixedfixedfixedA flaw was found in the RPM package in the read functionality. This fl ...

Open unimportant issues

BugbusterbullseyebookwormsidDescription
CVE-2017-7501vulnerablevulnerablevulnerablevulnerableIt was found that versions of rpm before 4.13.0.2 use temporary files ...
CVE-2017-7500vulnerablevulnerablevulnerablevulnerableIt was found that rpm did not properly handle RPM installations when a ...
CVE-2010-2199vulnerablevulnerablevulnerablevulnerablelib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadat ...
CVE-2010-2198vulnerablevulnerablevulnerablevulnerablelib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadat ...

Resolved issues

BugDescription
CVE-2014-8118Integer overflow in RPM 4.12 and earlier allows remote attackers to ex ...
CVE-2013-6435Race condition in RPM 4.11.1 and earlier allows remote attackers to ex ...
CVE-2012-6088The rpmpkgRead function in lib/package.c in RPM 4.10.x before 4.10.2 d ...
CVE-2012-0815The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 al ...
CVE-2012-0061The headerLoad function in lib/header.c in RPM before 4.9.1.3 does not ...
CVE-2012-0060RPM before 4.9.1.3 does not properly validate region tags, which allow ...
CVE-2011-3378RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attack ...
CVE-2010-2197rpmbuild in RPM 4.8.0 and earlier does not properly parse the syntax o ...
CVE-2010-2059lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and R ...
CVE-2006-5466Heap-based buffer overflow in the showQueryPackage function in librpm ...
CVE-2005-4889lib/fsm.c in RPM before 4.4.3 does not properly reset the metadata of ...
CVE-2005-2096zlib 1.2 and later versions allows remote attackers to cause a denial ...

Security announcements

DSA / DLADescription
DLA-140-1rpm - security update
DSA-3129-1rpm - security update
Search for package or bug name: Reporting problems