| Release | Version |
|---|---|
| bullseye | 4.16.1.2+dfsg1-3 |
| bookworm | 4.18.0+dfsg-1+deb12u1 |
| trixie | 4.19.1.1+dfsg-1 |
| sid | 4.19.1.1+dfsg-1 |
| Bug | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|
| CVE-2021-35939 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was inco ... |
| CVE-2021-35938 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | A symbolic link issue was found in rpm. It occurs when rpm sets the de ... |
| CVE-2021-35937 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | A race condition vulnerability was found in rpm. A local unprivileged ... |
| CVE-2021-3521 | vulnerable (no DSA) | fixed | fixed | fixed | There is a flaw in RPM's signature functionality. OpenPGP subkeys are ... |
| Bug | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|
| CVE-2017-7501 | vulnerable | vulnerable | vulnerable | vulnerable | It was found that versions of rpm before 4.13.0.2 use temporary files ... |
| CVE-2017-7500 | vulnerable | vulnerable | vulnerable | vulnerable | It was found that rpm did not properly handle RPM installations when a ... |
| CVE-2010-2199 | vulnerable | vulnerable | vulnerable | vulnerable | lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadat ... |
| CVE-2010-2198 | vulnerable | vulnerable | vulnerable | vulnerable | lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadat ... |
| Bug | Description |
|---|---|
| CVE-2021-20271 | A flaw was found in RPM's signature check functionality when reading a ... |
| CVE-2021-20266 | A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw all ... |
| CVE-2021-3421 | A flaw was found in the RPM package in the read functionality. This fl ... |
| CVE-2014-8118 | Integer overflow in RPM 4.12 and earlier allows remote attackers to ex ... |
| CVE-2013-6435 | Race condition in RPM 4.11.1 and earlier allows remote attackers to ex ... |
| CVE-2012-6088 | The rpmpkgRead function in lib/package.c in RPM 4.10.x before 4.10.2 d ... |
| CVE-2012-0815 | The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 al ... |
| CVE-2012-0061 | The headerLoad function in lib/header.c in RPM before 4.9.1.3 does not ... |
| CVE-2012-0060 | RPM before 4.9.1.3 does not properly validate region tags, which allow ... |
| CVE-2011-3378 | RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attack ... |
| CVE-2010-2197 | rpmbuild in RPM 4.8.0 and earlier does not properly parse the syntax o ... |
| CVE-2010-2059 | lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and R ... |
| CVE-2006-5466 | Heap-based buffer overflow in the showQueryPackage function in librpm ... |
| CVE-2005-4889 | lib/fsm.c in RPM before 4.4.3 does not properly reset the metadata of ... |
| CVE-2005-2096 | zlib 1.2 and later versions allows remote attackers to cause a denial ... |
| DSA / DLA | Description |
|---|---|
| DLA-140-1 | rpm - security update |
| DSA-3129-1 | rpm - security update |