Debian Package Tracker

general

source: cimg (main)
version: 2.4.5+dfsg-1
maintainer: Debian Science Team (archive) (DMD)
uploaders: Andreas Tille [DMD]
arch: all
std-ver: 4.3.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.5.9+dfsg-1
oldstable: 1.7.9+dfsg-1
stable: 2.4.5+dfsg-1
testing: 2.4.5+dfsg-1
unstable: 2.4.5+dfsg-1

versioned links

1.5.9+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.7.9+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.4.5+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

cimg-dev
cimg-doc
cimg-examples

action needed

A new upstream version is available: 2.7.1 high

A new upstream version 2.7.1 is available, you should consider packaging it.

Created: 2019-03-20 Last update: 2019-09-16 22:13

2 security issues in sid high

There are 2 open security issues in sid.

2 important issues:

CVE-2019-13568: CImg through 2.6.7 has a heap-based buffer overflow in _load_bmp in CImg.h because of erroneous memory allocation for a malformed BMP image.
CVE-2018-7587: An issue was discovered in CImg v.220. DoS occurs when loading a crafted bmp image that triggers an allocation failure in load_bmp in CImg.h.

Please fix them.

Created: 2018-03-02 Last update: 2019-09-03 19:28

2 security issues in bullseye high

There are 2 open security issues in bullseye.

2 important issues:

CVE-2019-13568: CImg through 2.6.7 has a heap-based buffer overflow in _load_bmp in CImg.h because of erroneous memory allocation for a malformed BMP image.
CVE-2018-7587: An issue was discovered in CImg v.220. DoS occurs when loading a crafted bmp image that triggers an allocation failure in load_bmp in CImg.h.

Please fix them.

Created: 2019-07-07 Last update: 2019-09-03 19:28

2 security issues in buster high

There are 2 open security issues in buster.

1 important issue:

CVE-2019-13568: CImg through 2.6.7 has a heap-based buffer overflow in _load_bmp in CImg.h because of erroneous memory allocation for a malformed BMP image.

1 issue skipped by the security teams:

CVE-2018-7587: An issue was discovered in CImg v.220. DoS occurs when loading a crafted bmp image that triggers an allocation failure in load_bmp in CImg.h.

Please fix them.

Created: 2018-03-02 Last update: 2019-09-03 19:28

9 security issues in jessie high

There are 9 open security issues in jessie.

1 important issue:

CVE-2019-1010174: CImg The CImg Library v.2.3.3 and earlier is affected by: command injection. The impact is: RCE. The component is: load_network() function. The attack vector is: Loading an image from a user-controllable url can lead to command injection, because no string sanitization is done on the url. The fixed version is: v.2.3.4.

8 issues skipped by the security teams:

CVE-2018-7640: An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a Monochrome case, aka case 1.
CVE-2018-7639: An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a "16 bits colors" case, aka case 16.
CVE-2018-7637: An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a "16 colors" case, aka case 4.
CVE-2018-7638: An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a "256 colors" case, aka case 8.
CVE-2018-7588: An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image.
CVE-2018-7587: An issue was discovered in CImg v.220. DoS occurs when loading a crafted bmp image that triggers an allocation failure in load_bmp in CImg.h.
CVE-2018-7641: An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a "32 bits colors" case, aka case 32.
CVE-2018-7589: An issue was discovered in CImg v.220. A double free in load_bmp in CImg.h occurs when loading a crafted bmp image.

Please fix them.

Created: 2018-03-02 Last update: 2019-09-03 19:28

10 security issues in stretch high

There are 10 open security issues in stretch.

2 important issues:

CVE-2019-1010174: CImg The CImg Library v.2.3.3 and earlier is affected by: command injection. The impact is: RCE. The component is: load_network() function. The attack vector is: Loading an image from a user-controllable url can lead to command injection, because no string sanitization is done on the url. The fixed version is: v.2.3.4.
CVE-2019-13568: CImg through 2.6.7 has a heap-based buffer overflow in _load_bmp in CImg.h because of erroneous memory allocation for a malformed BMP image.

8 issues skipped by the security teams:

CVE-2018-7640: An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a Monochrome case, aka case 1.
CVE-2018-7639: An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a "16 bits colors" case, aka case 16.
CVE-2018-7637: An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a "16 colors" case, aka case 4.
CVE-2018-7638: An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a "256 colors" case, aka case 8.
CVE-2018-7588: An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image.
CVE-2018-7587: An issue was discovered in CImg v.220. DoS occurs when loading a crafted bmp image that triggers an allocation failure in load_bmp in CImg.h.
CVE-2018-7641: An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a "32 bits colors" case, aka case 32.
CVE-2018-7589: An issue was discovered in CImg v.220. A double free in load_bmp in CImg.h occurs when loading a crafted bmp image.

Please fix them.

Created: 2018-03-02 Last update: 2019-09-03 19:28

Fails to build during reproducibility testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2016-11-07 Last update: 2019-09-16 20:11

lintian reports 20 warnings normal

Lintian reports 20 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2019-07-19 Last update: 2019-07-19 03:06

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.4.0 instead of 4.3.0).

Created: 2019-07-08 Last update: 2019-07-08 20:08

news

[rss feed]

[2019-02-04] cimg 2.4.5+dfsg-1 MIGRATED to testing (Debian testing watch)
[2019-01-30] Accepted cimg 2.4.5+dfsg-1 (source) into unstable (Andreas Tille)
[2018-09-24] cimg 2.3.6+dfsg-1 MIGRATED to testing (Debian testing watch)
[2018-09-18] Accepted cimg 2.3.6+dfsg-1 (source) into unstable (Andreas Tille)
[2017-06-30] cimg 1.7.9+dfsg-2 MIGRATED to testing (Debian testing watch)
[2017-06-25] Accepted cimg 1.7.9+dfsg-2 (source) into unstable (Mattia Rizzolo)
[2016-12-16] cimg 1.7.9+dfsg-1 MIGRATED to testing (Debian testing watch)
[2016-12-05] Accepted cimg 1.7.9+dfsg-1 (source all) into unstable (Andreas Tille)
[2016-11-04] cimg 1.7.8+dfsg-1 MIGRATED to testing (Debian testing watch)
[2016-10-28] Accepted cimg 1.7.8+dfsg-1 (source all) into unstable (Andreas Tille)
[2016-05-19] cimg REMOVED from testing (Debian testing watch)
[2016-01-10] cimg 1.6.5+dfsg-1 MIGRATED to testing (Debian testing watch)
[2016-01-09] cimg REMOVED from testing (Debian testing watch)
[2015-11-14] cimg 1.6.5+dfsg-1 MIGRATED to testing (Britney)
[2015-11-08] Accepted cimg 1.6.5+dfsg-1 (source all) into unstable (Andreas Tille)
[2015-07-20] cimg 1.6.4+dfsg-1 MIGRATED to testing (Britney)
[2015-07-14] Accepted cimg 1.6.4+dfsg-1 (source all) into unstable (Andreas Tille)
[2014-09-22] cimg 1.5.9+dfsg-1 MIGRATED to testing (Britney)
[2014-09-16] Accepted cimg 1.5.9+dfsg-1 (source all) into unstable (Andreas Tille)
[2014-02-09] cimg 1.5.7+dfsg-1 MIGRATED to testing (Debian testing watch)
[2014-01-29] Accepted cimg 1.5.7+dfsg-1 (source all) (Andreas Tille)
[2013-08-06] cimg 1.5.6-1 MIGRATED to testing (Debian testing watch)
[2013-07-26] Accepted cimg 1.5.6-1 (source all) (Andreas Tille)
[2012-03-31] cimg 1.4.9-2 MIGRATED to testing (Debian testing watch)
[2012-03-21] Accepted cimg 1.4.9-2 (source all) (Andreas Tille)
[2011-07-03] cimg 1.4.9-1 MIGRATED to testing (Debian testing watch)
[2011-06-22] Accepted cimg 1.4.9-1 (source all) (Andreas Tille)
[2011-03-27] cimg 1.4.8-1 MIGRATED to testing (Debian testing watch)
[2011-03-16] Accepted cimg 1.4.8-1 (source all) (Andreas Tille)
[2011-02-06] cimg 1.4.7-1 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 1
RC: 0
I&N: 1
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (0, 20)
buildd: logs, clang, reproducibility
popcon
browse source code
edit tags
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2.4.5+dfsg-1
1 bug