Debian Package Tracker
Register | Log in
Subscribe

filezilla

Full-featured graphical FTP/FTPS/SFTP client

Choose email to subscribe with

general
  • source: filezilla (main)
  • version: 3.69.6-2
  • maintainer: Andreas Rönnquist (DMD)
  • arch: all any
  • std-ver: 4.7.3
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 3.52.2-3+deb11u1
  • oldstable: 3.63.0-1+deb12u3
  • stable: 3.68.1-1
  • testing: 3.69.6-2
  • unstable: 3.69.6-2
versioned links
  • 3.52.2-3+deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 3.63.0-1+deb12u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 3.68.1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 3.69.6-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • filezilla (2 bugs: 0, 1, 1, 0)
  • filezilla-common (1 bugs: 0, 0, 1, 0)
action needed
Problems while searching for a new upstream version high
uscan had problems while searching for a new upstream version:
In debian/watch no matching files for watch source
  https://download.filezilla-project.org/client/
Created: 2025-11-26 Last update: 2026-07-12 23:31
version in VCS is newer than in repository, is it time to upload? normal
vcswatch reports that this package seems to have a new changelog entry (version 3.70.6-1, distribution unstable) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:
commit 508703ea95588951df3c5282b9667da43269c718
Author: Michael Lloyd <michael@micl.dev>
Date:   Wed Jul 8 10:08:48 2026 +1000

    d/changelog: Document 3.70.6-1 release

commit f5c62514fd56cd1ae9ad0a6b572b1fd625497fb6
Author: Michael Lloyd <michael@micl.dev>
Date:   Wed Jul 8 10:08:41 2026 +1000

    d/copyright: Document licenses of the autotools build files

commit a26c349bb0d7121bbc1341334fbb72a9145cdb1a
Author: Michael Lloyd <michael@micl.dev>
Date:   Wed Jul 8 01:11:51 2026 +1000

    d/control: Bump libfilezilla-dev to 0.56.1 and libfzssh-dev to 1.3.0

commit 21078653db6dce5c020cd43b8ddb8e75ee85fbbf
Author: Michael Lloyd <michael@micl.dev>
Date:   Wed Jul 8 01:11:27 2026 +1000

    d/patches: Refresh xdg-check patch for 3.70.6

commit fbe7dfe867791626e8936057268b3b17e82f84be
Merge: f1583f2 c310740
Author: Michael Lloyd <michael@micl.dev>
Date:   Wed Jul 8 00:49:48 2026 +1000

    Update upstream source from tag 'upstream/3.70.6'
    
    Update to upstream version '3.70.6'
    with Debian dir 13ee0fe998c8d53c258e7032aa5172d0c40f1b7c

commit f1583f2df836ec4cea390d3892e3c1ff7c1ac87a
Author: Michael Lloyd <michael@micl.dev>
Date:   Sat Apr 25 20:20:00 2026 +1000

    d/changelog: Update for 3.70.4-1 release

commit b367453dbfc0dfd33b150b6c5d0cc42bd54dea77
Author: Michael Lloyd <michael@micl.dev>
Date:   Sat Apr 25 20:19:36 2026 +1000

    d/rules: Install AppStream metainfo file with reverse-DNS filename

commit 00d45c83d948466b2a0cd15694cec2810ff299bf
Author: Michael Lloyd <michael@micl.dev>
Date:   Sat Apr 25 20:03:41 2026 +1000

    d/patches: Fix AppStream component ID to use reverse-DNS format

commit 4958eac15543653bcf49e7e62c998366e41f3d71
Author: Michael Lloyd <michael@micl.dev>
Date:   Sat Apr 25 19:29:35 2026 +1000

    d/upstream/metadata: Add Contact field

commit 69d5902b66a41b2b48f93ea13fadc6720d2d6df4
Author: Michael Lloyd <michael@micl.dev>
Date:   Sat Apr 25 19:28:30 2026 +1000

    d/salsa-ci.yml: Add Salsa CI configuration

commit 21f6349b318b7e7257b6c5f8e3c4368dd96fb200
Author: Michael Lloyd <michael@micl.dev>
Date:   Sat Apr 25 19:22:44 2026 +1000

    d/copyright: Add new maintainer

commit fd2faa991c14418c95d0ec95a857be509861aa2d
Author: Michael Lloyd <michael@micl.dev>
Date:   Sat Apr 25 19:21:51 2026 +1000

    d/copyright: Drop redundant 'Copyright (C)' prefix from Copyright fields

commit 516eb43d426106aea75c8b57309598234e35879d
Author: Michael Lloyd <michael@micl.dev>
Date:   Sat Apr 25 19:21:20 2026 +1000

    d/copyright: Update pugixml copyright years to 2006-2022

commit 1fc4500a40545da52d79cbc52d6142b412c74a5e
Author: Michael Lloyd <michael@micl.dev>
Date:   Sat Apr 25 19:17:07 2026 +1000

    d/copyright: Rename MIT license identifier to Expat

commit d8da7d60e007d78df580ce3131b333b4bfff096c
Author: Michael Lloyd <michael@micl.dev>
Date:   Sat Apr 25 19:16:08 2026 +1000

    d/copyright: Drop src/putty stanzas

commit 986e3e12bcc5838bae4be284253cdad47f1cd6f7
Author: Michael Lloyd <michael@micl.dev>
Date:   Sat Apr 25 19:07:47 2026 +1000

    d/copyright: Switch upstream license from GPL-2+ to GPL-3+

commit 4652e4790f633dcb10096a7bba193ee6c35d2dac
Author: Michael Lloyd <michael@micl.dev>
Date:   Sat Apr 25 18:49:03 2026 +1000

    d/control: Update Build-Depends for filezilla 3.70.x

commit 049c824229d48c88f6d049e5cace3c2873945ffb
Author: Michael Lloyd <michael@micl.dev>
Date:   Sat Apr 25 18:47:13 2026 +1000

    d/control: Bump Standards-Version to 4.7.4

commit fb9101b71931c3aa3994c56bb8bdbb62d3d9f65a
Author: Michael Lloyd <michael@micl.dev>
Date:   Wed Jul 8 10:29:05 2026 +1000

    d/control: Update to new maintainer

commit c31074032106554d31b52b3b2c71eaf6c248211a
Author: Michael Lloyd <michael@micl.dev>
Date:   Wed Jul 8 00:49:15 2026 +1000

    New upstream version 3.70.6

commit c275120e788a749886e14a844ee320a163a96e25
Author: Michael Lloyd <michael@micl.dev>
Date:   Sat Apr 25 18:33:36 2026 +1000

    d/patches: Refresh fzshellext patch for 3.70.4

commit 34f3895fe2a4bae4846d09222877ef63f6226123
Merge: 5a819dc e030e2c
Author: Michael Lloyd <michael@micl.dev>
Date:   Sat Apr 25 18:16:38 2026 +1000

    Update upstream source from tag 'upstream/3.70.4'
    
    Update to upstream version '3.70.4'
    with Debian dir a2b13f3c24937b4b35ce065edd47ca65bb6d68f2

commit e030e2c36b034fff8415c1f769214fbfbf330a8e
Author: Michael Lloyd <michael@micl.dev>
Date:   Sat Apr 25 18:16:12 2026 +1000

    New upstream version 3.70.4

commit 5a819dce18583331fe1cc2f14394996396255a7f
Author: Michael Lloyd <michael@micl.dev>
Date:   Sat Apr 25 12:34:24 2026 +1000

    d/watch: Mark Untrackable as upstream uses encrypted CDN URLs
Created: 2026-07-08 Last update: 2026-07-08 03:30
ITA: Someone intends to adopt this package. normal
This package has been orphaned, but someone intends to maintain it. Please see bug number #1133158 for more information.
Created: 2026-04-10 Last update: 2026-04-17 07:32
lintian reports 1 warning normal
Lintian reports 1 warning about this package. You should make the package lintian clean getting rid of them.
Created: 2026-03-09 Last update: 2026-03-09 05:30
AppStream hints: 1 warning for filezilla normal
AppStream found metadata issues for packages:
  • filezilla: 1 warning
You should get rid of them to provide more metadata about this software.
Created: 2024-01-27 Last update: 2025-11-15 13:34
1 low-priority security issue in bookworm low

There is 1 open security issue in bookworm.

1 issue left for the package maintainer to handle:
  • CVE-2024-31497: (needs triaging) In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant. The required set of signed messages may be publicly readable because they are stored in a public Git service that supports use of SSH for commit signing, and the signatures were made by Pageant through an agent-forwarding mechanism. In other words, an adversary may already have enough signature information to compromise a victim's private key, even if there is no further use of vulnerable PuTTY versions. After a key compromise, an adversary may be able to conduct supply-chain attacks on software maintained in Git. A second, independent scenario is that the adversary is an operator of an SSH server to which the victim authenticates (for remote login or file copy), even though this server is not fully trusted by the victim, and the victim uses the same private key for SSH connections to other services operated by other entities. Here, the rogue server operator (who would otherwise have no way to determine the victim's private key) can derive the victim's private key, and then use it for unauthorized access to those other services. If the other services include Git services, then again it may be possible to conduct supply-chain attacks on software maintained in Git. This also affects, for example, FileZilla before 3.67.0, WinSCP before 6.3.3, TortoiseGit before 2.15.0.1, and TortoiseSVN through 1.14.6.

You can find information about how to handle this issue in the security team's documentation.

Created: 2024-12-30 Last update: 2026-04-28 19:02
debian/patches: 1 patch to forward upstream low

Among the 2 debian patches available in version 3.69.6-2 of the package, we noticed the following issues:

  • 1 patch where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.
Created: 2023-02-26 Last update: 2026-03-09 07:00
Issues found with some translations low

Automatic checks made by the Debian l10n team found some issues with the translations contained in this package. You should check the l10n status report for more information.

Issues can be things such as missing translations, problematic translated strings, outdated PO files, unknown languages, etc.

Created: 2026-02-16 Last update: 2026-02-16 10:55
Standards version of the package is outdated. wishlist
The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.4 instead of 4.7.3).
Created: 2026-03-31 Last update: 2026-03-31 15:01
testing migrations
  • This package is part of the ongoing testing transition known as auto-libfilezilla. Please avoid uploads unrelated to this transition, they would likely delay it and require supplementary work from the release managers. On the other hand, if your package has problems preventing it to migrate to testing, please fix them as soon as possible. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
news
[rss feed]
  • [2026-03-14] filezilla 3.69.6-2 MIGRATED to testing (Debian testing watch)
  • [2026-03-08] Accepted filezilla 3.69.6-2 (source) into unstable (Andreas Rönnquist)
  • [2026-02-20] filezilla 3.69.6-1 MIGRATED to testing (Debian testing watch)
  • [2026-02-15] Accepted filezilla 3.69.6-1 (source) into unstable (Andreas Rönnquist)
  • [2025-11-20] filezilla 3.69.5-1 MIGRATED to testing (Debian testing watch)
  • [2025-11-14] Accepted filezilla 3.69.5-1 (source) into unstable (Andreas Rönnquist)
  • [2025-08-21] filezilla 3.69.3-1 MIGRATED to testing (Debian testing watch)
  • [2025-08-14] Accepted filezilla 3.69.3-1 (source) into unstable (Andreas Rönnquist)
  • [2025-01-03] filezilla 3.68.1-1 MIGRATED to testing (Debian testing watch)
  • [2024-12-28] Accepted filezilla 3.68.1-1 (source) into unstable (Andreas Rönnquist)
  • [2024-11-06] filezilla 3.68.0-1 MIGRATED to testing (Debian testing watch)
  • [2024-10-31] Accepted filezilla 3.68.0-1 (source) into unstable (Andreas Rönnquist)
  • [2024-10-31] filezilla 3.68.0~rc1-1 MIGRATED to testing (Debian testing watch)
  • [2024-10-23] Accepted filezilla 3.68.0~rc1-1 (source) into unstable (Andreas Rönnquist)
  • [2024-07-29] filezilla 3.67.1-2 MIGRATED to testing (Debian testing watch)
  • [2024-07-23] Accepted filezilla 3.67.1-2 (source) into unstable (Andreas Rönnquist)
  • [2024-07-17] filezilla 3.67.1-1 MIGRATED to testing (Debian testing watch)
  • [2024-07-11] Accepted filezilla 3.67.1-1 (source) into unstable (Andreas Rönnquist)
  • [2024-07-09] filezilla 3.67.1~rc1-1 MIGRATED to testing (Debian testing watch)
  • [2024-07-03] Accepted filezilla 3.67.1~rc1-1 (source) into unstable (Andreas Rönnquist)
  • [2024-05-08] filezilla 3.67.0-1 MIGRATED to testing (Debian testing watch)
  • [2024-04-18] Accepted filezilla 3.67.0-1 (source) into unstable (Phil Wyett)
  • [2024-02-28] filezilla 3.66.5-2 MIGRATED to testing (Debian testing watch)
  • [2024-02-13] Accepted filezilla 3.66.5-2 (source) into unstable (Phil Wyett)
  • [2024-02-13] Accepted filezilla 3.66.5-1 (source) into unstable (Phil Wyett)
  • [2024-01-19] filezilla 3.66.4-2 MIGRATED to testing (Debian testing watch)
  • [2024-01-14] Accepted filezilla 3.66.4-2 (source) into unstable (Phil Wyett)
  • [2024-01-08] Accepted filezilla 3.52.2-3+deb11u1 (source) into oldstable-proposed-updates (Debian FTP Masters) (signed by: Gianfranco Costamagna)
  • [2024-01-08] Accepted filezilla 3.63.0-1+deb12u3 (source) into proposed-updates (Debian FTP Masters) (signed by: Gianfranco Costamagna)
  • [2023-12-27] filezilla 3.66.4-1 MIGRATED to testing (Debian testing watch)
  • 1
  • 2
bugs [bug history graph]
  • all: 3
  • RC: 0
  • I&N: 1
  • M&W: 2
  • F&P: 0
  • patch: 0
links
  • homepage
  • lintian (0, 1)
  • buildd: logs, reproducibility, cross
  • popcon
  • browse source code
  • other distros
  • security tracker
  • screenshots
  • l10n (-, 99)
  • debian patches
ubuntu Ubuntu logo [Information about Ubuntu for Debian Developers]
  • version: 3.69.6-2

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.
Documentation — Bugs — Git Repository — Contributing
Advertisement
Advertisement