Debian Package Tracker

cfitsio

general
  • source: cfitsio (main)
  • version: 3.490-3
  • maintainer: Debian Astronomy Maintainers (archive) (DMD)
  • uploaders: Aurelien Jarno [DMD]
  • arch: all any
  • std-ver: 4.5.0
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 3.370-2+deb8u1
  • oldstable: 3.410-1
  • stable: 3.450-3
  • testing: 3.490-3
  • unstable: 3.490-3
versioned links
  • 3.370-2+deb8u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 3.410-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 3.450-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 3.470-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 3.490-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • libcfitsio-bin
  • libcfitsio-dev
  • libcfitsio-doc
  • libcfitsio9
action needed
5 ignored security issues in stretch [low]
There are 5 open security issues in stretch.
5 issues skipped by the security teams:
  • CVE-2018-3846: In the ffgphd and ffgtkn functions in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.
  • CVE-2018-3847: Multiple exploitable buffer overflow vulnerabilities exist in image parsing functionality of the CFITSIO library version 3.42. Specially crafted images parsed via the library, can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.
  • CVE-2018-3848: In the ffghbn function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.
  • CVE-2018-3849: In the ffghtb function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.
  • CVE-2019-1010060: NASA CFITSIO prior to 3.43 is affected by: Buffer Overflow. The impact is: arbitrary code execution. The component is: over 40 source code files were changed. The attack vector is: remote unauthenticated attacker. The fixed version is: 3.43. NOTE: this CVE refers to the issues not covered by CVE-2018-3846, CVE-2018-3847, CVE-2018-3848, and CVE-2018-3849. One example is ftp_status in drvrnet.c mishandling a long string beginning with a '4' character.
Please fix them.
Created: 2018-04-09 Last update: 2020-08-25 16:00
Standards version of the package is outdated. [wishlist]
The package should be updated to follow the last version of Debian Policy (Standards-Version 4.5.1 instead of 4.5.0).
Created: 2020-11-17 Last update: 2020-11-17 05:41
news
  • [2020-08-26] cfitsio 3.490-3 MIGRATED to testing (Debian testing watch)
  • [2020-08-22] Accepted cfitsio 3.490-3 (source) into unstable (Aurelien Jarno)
  • [2020-08-22] Accepted cfitsio 3.490-2 (source) into unstable (Aurelien Jarno)
  • [2020-08-21] Accepted cfitsio 3.490-1 (source) into experimental (Aurelien Jarno)
  • [2020-07-06] Accepted cfitsio 3.480-1 (source amd64) into experimental, experimental (Debian FTP Masters) (signed by: Aurelien Jarno)
  • [2020-04-03] cfitsio 3.470-4 MIGRATED to testing (Debian testing watch)
  • [2020-03-31] Accepted cfitsio 3.470-4 (source) into unstable (Aurelien Jarno)
  • [2019-08-18] cfitsio 3.470-3 MIGRATED to testing (Debian testing watch)
  • [2019-08-04] Accepted cfitsio 3.470-3 (source) into unstable (Aurelien Jarno)
  • [2019-08-01] Accepted cfitsio 3.470-2 (source) into experimental (Aurelien Jarno)
  • [2019-08-01] Accepted cfitsio 3.470-1 (source amd64 all) into unstable, unstable (Aurelien Jarno)
  • [2018-11-23] cfitsio 3.450-3 MIGRATED to testing (Debian testing watch)
  • [2018-11-20] Accepted cfitsio 3.450-3 (source) into unstable (Aurelien Jarno)
  • [2018-10-08] cfitsio 3.450-2 MIGRATED to testing (Debian testing watch)
  • [2018-10-06] Accepted cfitsio 3.450-2 (source) into unstable (Aurelien Jarno)
  • [2018-07-10] cfitsio 3.430-3 MIGRATED to testing (Debian testing watch)
  • [2018-07-05] Accepted cfitsio 3.450-1 (source amd64 all) into experimental, experimental (Aurelien Jarno)
  • [2018-07-04] Accepted cfitsio 3.430-3 (source) into unstable (Aurelien Jarno)
  • [2018-07-04] Accepted cfitsio 3.440-3 (source) into experimental (Aurelien Jarno)
  • [2018-04-16] Accepted cfitsio 3.440-2 (source) into experimental (Aurelien Jarno)
  • [2018-04-15] Accepted cfitsio 3.440-1 (source amd64 all) into experimental, experimental (Aurelien Jarno)
  • [2018-04-12] cfitsio 3.430-2 MIGRATED to testing (Debian testing watch)
  • [2018-04-06] Accepted cfitsio 3.430-2 (source) into unstable (Aurelien Jarno)
  • [2018-03-24] cfitsio 3.430-1 MIGRATED to testing (Debian testing watch)
  • [2018-03-19] Accepted cfitsio 3.430-1 (source) into unstable (Aurelien Jarno)
  • [2017-10-02] cfitsio 3.420-3 MIGRATED to testing (Debian testing watch)
  • [2017-09-26] Accepted cfitsio 3.420-3 (source) into unstable (Aurelien Jarno)
  • [2017-09-24] Accepted cfitsio 3.420-2 (source) into unstable (Aurelien Jarno)
  • [2017-09-24] Accepted cfitsio 3.420-1 (source) into unstable (Aurelien Jarno)
  • [2017-06-30] Accepted cfitsio 3.370-2+deb8u1 (source amd64 all) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Aurelien Jarno)
bugs [bug history graph]
  • all: 0
links
  • homepage
  • lintian
  • buildd: logs, clang, reproducibility, cross
  • popcon
  • browse source code
  • other distros
  • security tracker
  • debci
ubuntu [Information about Ubuntu for Debian Developers]
  • version: 3.490-3
  • 1 bug
