dpkg - Debian Package Tracker

general

source: dpkg (main)
version: 1.23.7
maintainer: Dpkg Developers (archive) (DMD)
uploaders: Guillem Jover [DMD]
arch: all any
std-ver: 4.7.3
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.20.13
o-o-sec: 1.20.10
oldstable: 1.21.22
stable: 1.22.22
testing: 1.23.7
unstable: 1.23.7

versioned links

1.20.10: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.20.13: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.21.22: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.22.22: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.23.7: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

dpkg (360 bugs: 0, 133, 227, 0)
dpkg-dev (152 bugs: 0, 46, 106, 0)
dselect (87 bugs: 0, 30, 57, 0)
libdpkg-dev (2 bugs: 0, 0, 2, 0)
libdpkg-perl (13 bugs: 0, 6, 7, 0)

action needed

28 bugs tagged patch in the BTS normal

The BTS contains patches fixing 28 bugs (36 if counting merged bugs), consider including or untagging them.

Created: 2025-01-06 Last update: 2026-03-25 01:00

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 1.23.8, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

 commit 84236bafefdf9aee6494dc4cd837a7b4055e2775 Author: Guillem Jover <guillem@debian.org> Date: Tue Mar 10 13:11:19 2026 +0100 libdpkg: Update suppressions for cppcheck 2.20.0 The new version generates a couple of new false positive, suppress them. Warned-by: cppcheck commit 9f22b74c0db0052f01c0394f445c6651a75bfe6d Author: Guillem Jover <guillem@debian.org> Date: Tue Mar 10 13:10:00 2026 +0100 src, lib: Reduce variables scope Warned-by: cppcheck 2.20.0 Changelog: internal commit 839df8f9226bac8455ee23014c179c17d812ae50 Author: Guillem Jover <guillem@debian.org> Date: Mon Mar 9 02:25:25 2026 +0100 scripts: Do not fail on empty Maintainer field from parsed changelog While this is invalid syntax (according to the documentation), we have accepted these kinds of entries up to now, and this was an unintentional change. Modify the code to handle them for now, while there's discussion on how to improve the notion of unfinalized changelog entries. Fixes: commit 37cf54ce95bf274278b2eeb47a49a4b3b3840612 Closes: #1130119 commit 3cb9b55946b01028760b9988ee9fdfc1f9934ce7 Author: Guillem Jover <guillem@debian.org> Date: Sat Mar 7 01:01:02 2026 +0100 Bump version to 1.23.8

Created: 2023-02-08 Last update: 2026-03-24 13:31

2 low-priority security issues in bookworm low

There are 2 open security issues in bookworm.

2 issues left for the package maintainer to handle:

CVE-2025-6297: (needs triaging) It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a DoS scenario due to causing disk quota exhaustion or disk full conditions.
CVE-2026-2219: (needs triaging) It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service (infinite loop spinning the CPU).

You can find information about how to handle these issues in the security team's documentation.

Created: 2025-06-30 Last update: 2026-03-14 14:00

news

[rss feed]

[2026-03-09] dpkg 1.23.7 MIGRATED to testing (Debian testing watch)
[2026-03-07] Accepted dpkg 1.22.22 (source) into proposed-updates (Debian FTP Masters) (signed by: Guillem Jover)
[2026-03-07] Accepted dpkg 1.23.7 (source) into unstable (Guillem Jover)
[2026-03-05] Accepted dpkg 1.23.6 (source) into unstable (Guillem Jover)
[2026-01-25] dpkg 1.23.5 MIGRATED to testing (Debian testing watch)
[2026-01-23] Accepted dpkg 1.23.5 (source) into unstable (Guillem Jover)
[2026-01-18] Accepted dpkg 1.23.4 (source) into unstable (Guillem Jover)
[2026-01-08] dpkg 1.23.3 MIGRATED to testing (Debian testing watch)
[2025-12-20] Accepted dpkg 1.23.3 (source) into unstable (Guillem Jover)
[2025-12-18] Accepted dpkg 1.23.2 (source) into unstable (Guillem Jover)
[2025-12-17] Accepted dpkg 1.23.1 (source) into unstable (Guillem Jover)
[2025-12-16] Accepted dpkg 1.23.0 (source) into unstable (Guillem Jover)
[2025-07-09] dpkg 1.22.21 MIGRATED to testing (Debian testing watch)
[2025-07-02] Accepted dpkg 1.22.21 (source) into unstable (Guillem Jover)
[2025-06-10] dpkg 1.22.20 MIGRATED to testing (Debian testing watch)
[2025-06-04] Accepted dpkg 1.22.20 (source) into unstable (Guillem Jover)
[2025-05-30] dpkg 1.22.19 MIGRATED to testing (Debian testing watch)
[2025-05-18] Accepted dpkg 1.22.19 (source) into unstable (Guillem Jover)
[2025-03-14] dpkg 1.22.18 MIGRATED to testing (Debian testing watch)
[2025-03-09] Accepted dpkg 1.22.18 (source) into unstable (Guillem Jover)
[2025-03-07] Accepted dpkg 1.22.17 (source) into unstable (Guillem Jover)
[2025-03-07] Accepted dpkg 1.22.16 (source) into unstable (Guillem Jover)
[2025-02-10] dpkg 1.22.15 MIGRATED to testing (Debian testing watch)
[2025-02-04] dpkg 1.22.14 MIGRATED to testing (Debian testing watch)
[2025-02-03] Accepted dpkg 1.22.15 (source) into unstable (Guillem Jover)
[2025-01-16] Accepted dpkg 1.22.14 (source) into unstable (Guillem Jover)
[2025-01-03] Accepted dpkg 1.22.13 (source) into unstable (Guillem Jover)
[2025-01-01] Accepted dpkg 1.22.12 (source) into unstable (Guillem Jover)
[2024-08-04] dpkg 1.22.11 MIGRATED to testing (Debian testing watch)
[2024-08-01] Accepted dpkg 1.22.11 (source) into unstable (Guillem Jover)

bugs [bug history graph]

all: 481 619
RC: 0
I&N: 170 216
M&W: 309 401
F&P: 2
patch: 28 36

links

homepage
lintian
buildd: logs, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots
l10n (47, 65)
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.23.6ubuntu2
468 bugs (7 patches)
patches for 1.23.6ubuntu2