| Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
|---|
| CVE-2021-35939 | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was inco ... |
| CVE-2021-35938 | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | A symbolic link issue was found in rpm. It occurs when rpm sets the de ... |
| CVE-2021-35937 | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | A race condition vulnerability was found in rpm. A local unprivileged ... |
| CVE-2021-20271 | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | fixed | A flaw was found in RPM's signature check functionality when reading a ... |
| CVE-2021-20266 | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | fixed | A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw all ... |
| CVE-2021-3521 | vulnerable (no DSA, postponed) | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | There is a flaw in RPM's signature functionality. OpenPGP subkeys are ... |
| CVE-2021-3421 | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | fixed | A flaw was found in the RPM package in the read functionality. This fl ... |
| Bug | Description |
|---|
| CVE-2014-8118 | Integer overflow in RPM 4.12 and earlier allows remote attackers to ex ... |
| CVE-2013-6435 | Race condition in RPM 4.11.1 and earlier allows remote attackers to ex ... |
| CVE-2012-6088 | The rpmpkgRead function in lib/package.c in RPM 4.10.x before 4.10.2 d ... |
| CVE-2012-0815 | The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 al ... |
| CVE-2012-0061 | The headerLoad function in lib/header.c in RPM before 4.9.1.3 does not ... |
| CVE-2012-0060 | RPM before 4.9.1.3 does not properly validate region tags, which allow ... |
| CVE-2011-3378 | RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attack ... |
| CVE-2010-2197 | rpmbuild in RPM 4.8.0 and earlier does not properly parse the syntax o ... |
| CVE-2010-2059 | lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and R ... |
| CVE-2006-5466 | Heap-based buffer overflow in the showQueryPackage function in librpm ... |
| CVE-2005-4889 | lib/fsm.c in RPM before 4.4.3 does not properly reset the metadata of ... |
| CVE-2005-2096 | zlib 1.2 and later versions allows remote attackers to cause a denial ... |