Register | Log in

cfitsio

Choose email to subscribe with

general

source: cfitsio (main)
version: 3.470-3
maintainer: Debian Astronomy Maintainers (archive) (DMD)
uploaders: Aurelien Jarno [DMD]
arch: all any
std-ver: 4.3.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 3.370-2+deb8u1
oldstable: 3.410-1
stable: 3.450-3
testing: 3.470-3
unstable: 3.470-3

versioned links

3.370-2+deb8u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.410-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.450-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.470-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libcfitsio-bin
libcfitsio-dev
libcfitsio-doc
libcfitsio8

action needed

Debci reports failed tests high

unstable: fail (log)
The tests ran in 0h 0m 29s
Last run: 2019-09-16 21:19:37
Previous status: fail

testing: fail (log)
The tests ran in 0h 0m 37s
Last run: 2019-09-15 21:13:43
Previous status: fail

stable: pass (log)
The tests ran in 0h 0m 37s
Last run: 2019-08-25 09:33:16
Previous status: pass

Created: 2019-08-16 Last update: 2019-09-19 13:40

5 ignored security issues in jessie low

There are 5 open security issues in jessie.

5 issues skipped by the security teams:

CVE-2018-3849: In the ffghtb function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.
CVE-2019-1010060: NASA CFITSIO prior to 3.43 is affected by: Buffer Overflow. The impact is: arbitrary code execution. The component is: over 40 source code files were changed. The attack vector is: remote unauthenticated attacker. The fixed version is: 3.43. NOTE: this CVE refers to the issues not covered by CVE-2018-3846, CVE-2018-3847, CVE-2018-3848, and CVE-2018-3849. One example is ftp_status in drvrnet.c mishandling a long string beginning with a '4' character.
CVE-2018-3848: In the ffghbn function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.
CVE-2018-3846: In the ffgphd and ffgtkn functions in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.
CVE-2018-3847: Multiple exploitable buffer overflow vulnerabilities exist in image parsing functionality of the CFITSIO library version 3.42. Specially crafted images parsed via the library, can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.

Please fix them.

Created: 2018-04-09 Last update: 2019-08-18 07:38

5 ignored security issues in stretch low

There are 5 open security issues in stretch.

5 issues skipped by the security teams:

CVE-2018-3849: In the ffghtb function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.
CVE-2019-1010060: NASA CFITSIO prior to 3.43 is affected by: Buffer Overflow. The impact is: arbitrary code execution. The component is: over 40 source code files were changed. The attack vector is: remote unauthenticated attacker. The fixed version is: 3.43. NOTE: this CVE refers to the issues not covered by CVE-2018-3846, CVE-2018-3847, CVE-2018-3848, and CVE-2018-3849. One example is ftp_status in drvrnet.c mishandling a long string beginning with a '4' character.
CVE-2018-3848: In the ffghbn function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.
CVE-2018-3846: In the ffgphd and ffgtkn functions in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.
CVE-2018-3847: Multiple exploitable buffer overflow vulnerabilities exist in image parsing functionality of the CFITSIO library version 3.42. Specially crafted images parsed via the library, can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.

Please fix them.

Created: 2018-04-09 Last update: 2019-08-18 07:38

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.4.0 instead of 4.3.0).

Created: 2018-12-23 Last update: 2019-08-04 23:53

news

[2019-08-18] cfitsio 3.470-3 MIGRATED to testing (Debian testing watch)
[2019-08-04] Accepted cfitsio 3.470-3 (source) into unstable (Aurelien Jarno)
[2019-08-01] Accepted cfitsio 3.470-2 (source) into experimental (Aurelien Jarno)
[2019-08-01] Accepted cfitsio 3.470-1 (source amd64 all) into unstable, unstable (Aurelien Jarno)
[2018-11-23] cfitsio 3.450-3 MIGRATED to testing (Debian testing watch)
[2018-11-20] Accepted cfitsio 3.450-3 (source) into unstable (Aurelien Jarno)
[2018-10-08] cfitsio 3.450-2 MIGRATED to testing (Debian testing watch)
[2018-10-06] Accepted cfitsio 3.450-2 (source) into unstable (Aurelien Jarno)
[2018-07-10] cfitsio 3.430-3 MIGRATED to testing (Debian testing watch)
[2018-07-05] Accepted cfitsio 3.450-1 (source amd64 all) into experimental, experimental (Aurelien Jarno)
[2018-07-04] Accepted cfitsio 3.430-3 (source) into unstable (Aurelien Jarno)
[2018-07-04] Accepted cfitsio 3.440-3 (source) into experimental (Aurelien Jarno)
[2018-04-16] Accepted cfitsio 3.440-2 (source) into experimental (Aurelien Jarno)
[2018-04-15] Accepted cfitsio 3.440-1 (source amd64 all) into experimental, experimental (Aurelien Jarno)
[2018-04-12] cfitsio 3.430-2 MIGRATED to testing (Debian testing watch)
[2018-04-06] Accepted cfitsio 3.430-2 (source) into unstable (Aurelien Jarno)
[2018-03-24] cfitsio 3.430-1 MIGRATED to testing (Debian testing watch)
[2018-03-19] Accepted cfitsio 3.430-1 (source) into unstable (Aurelien Jarno)
[2017-10-02] cfitsio 3.420-3 MIGRATED to testing (Debian testing watch)
[2017-09-26] Accepted cfitsio 3.420-3 (source) into unstable (Aurelien Jarno)
[2017-09-24] Accepted cfitsio 3.420-2 (source) into unstable (Aurelien Jarno)
[2017-09-24] Accepted cfitsio 3.420-1 (source) into unstable (Aurelien Jarno)
[2017-06-30] Accepted cfitsio 3.370-2+deb8u1 (source amd64 all) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Aurelien Jarno)
[2016-12-31] cfitsio 3.410-1 MIGRATED to testing (Debian testing watch)
[2016-12-20] Accepted cfitsio 3.410-1 (source) into unstable (Aurelien Jarno)
[2016-10-26] cfitsio 3.390-2 MIGRATED to testing (Debian testing watch)
[2016-10-20] Accepted cfitsio 3.390-2 (source) into unstable (Aurelien Jarno)
[2016-10-17] Accepted cfitsio 3.390-1 (source amd64 all) into experimental, experimental (Aurelien Jarno)
[2016-03-03] cfitsio 3.380-2 MIGRATED to testing (Debian testing watch)
[2016-02-26] Accepted cfitsio 3.380-2 (source) into unstable (Aurelien Jarno)

1
2

bugs [bug history graph]

all: 0

links

homepage
lintian
buildd: logs, clang, reproducibility, cross
popcon
browse source code
edit tags
security tracker
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 3.470-3
1 bug

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing