Debian Package Tracker

general

source: cimg (main)
version: 2.3.6+dfsg-1
maintainer: Debian Science Team (archive) [DMD]
uploaders: Andreas Tille [DMD]
arch: all
std-ver: 4.2.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.4.9-2
oldstable: 1.5.9+dfsg-1
stable: 1.7.9+dfsg-1
testing: 2.3.6+dfsg-1
unstable: 2.3.6+dfsg-1

versioned links

1.4.9-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.5.9+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.7.9+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.3.6+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

cimg-dev
cimg-doc
cimg-examples

action needed

A new upstream version is available: 2.4.2 high

A new upstream version 2.4.2 is available, you should consider packaging it.

Created: 2018-10-08 Last update: 2018-12-10 01:02

1 security issue in buster high

There is 1 open security issue in buster.

1 important issue:

CVE-2018-7587: An issue was discovered in CImg v.220. DoS occurs when loading a crafted bmp image that triggers an allocation failure in load_bmp in CImg.h.

Please fix it.

Created: 2018-03-02 Last update: 2018-09-24 07:48

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2018-7587: An issue was discovered in CImg v.220. DoS occurs when loading a crafted bmp image that triggers an allocation failure in load_bmp in CImg.h.

Please fix it.

Created: 2018-03-02 Last update: 2018-09-24 07:48

Fails to build during reproducibility testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2016-11-07 Last update: 2018-12-09 22:02

1 new commit since last upload, time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 2.3.6+dfsg-2, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit 7dfdaa83ad76fd8dd5deb909f994b2375af7ad5a
Author: Jelmer Vernooĳ <jelmer@jelmer.uk>
Date:   Wed Oct 17 22:22:32 2018 +0000

    Use secure copyright file specification URI.
    
    Fixes lintian: insecure-copyright-format-uri
    See https://lintian.debian.org/tags/insecure-copyright-format-uri.html for more details.

Created: 2018-10-18 Last update: 2018-12-09 22:01

lintian reports 20 warnings normal

Lintian reports 20 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2017-07-27 Last update: 2018-09-19 08:33

8 ignored security issues in stretch low

There are 8 open security issues in stretch.

8 issues skipped by the security teams:

CVE-2018-7589: An issue was discovered in CImg v.220. A double free in load_bmp in CImg.h occurs when loading a crafted bmp image.
CVE-2018-7637: An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a "16 colors" case, aka case 4.
CVE-2018-7638: An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a "256 colors" case, aka case 8.
CVE-2018-7640: An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a Monochrome case, aka case 1.
CVE-2018-7639: An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a "16 bits colors" case, aka case 16.
CVE-2018-7641: An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a "32 bits colors" case, aka case 32.
CVE-2018-7588: An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image.
CVE-2018-7587: An issue was discovered in CImg v.220. DoS occurs when loading a crafted bmp image that triggers an allocation failure in load_bmp in CImg.h.

Please fix them.

Created: 2018-03-02 Last update: 2018-09-24 07:48

8 ignored security issues in jessie low

There are 8 open security issues in jessie.

8 issues skipped by the security teams:

CVE-2018-7589: An issue was discovered in CImg v.220. A double free in load_bmp in CImg.h occurs when loading a crafted bmp image.
CVE-2018-7637: An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a "16 colors" case, aka case 4.
CVE-2018-7638: An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a "256 colors" case, aka case 8.
CVE-2018-7640: An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a Monochrome case, aka case 1.
CVE-2018-7639: An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a "16 bits colors" case, aka case 16.
CVE-2018-7641: An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a "32 bits colors" case, aka case 32.
CVE-2018-7588: An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image.
CVE-2018-7587: An issue was discovered in CImg v.220. DoS occurs when loading a crafted bmp image that triggers an allocation failure in load_bmp in CImg.h.

Please fix them.

Created: 2018-03-02 Last update: 2018-09-24 07:48

news

[rss feed]

[2018-09-24] cimg 2.3.6+dfsg-1 MIGRATED to testing (Debian testing watch)
[2018-09-18] Accepted cimg 2.3.6+dfsg-1 (source) into unstable (Andreas Tille)
[2017-06-30] cimg 1.7.9+dfsg-2 MIGRATED to testing (Debian testing watch)
[2017-06-25] Accepted cimg 1.7.9+dfsg-2 (source) into unstable (Mattia Rizzolo)
[2016-12-16] cimg 1.7.9+dfsg-1 MIGRATED to testing (Debian testing watch)
[2016-12-05] Accepted cimg 1.7.9+dfsg-1 (source all) into unstable (Andreas Tille)
[2016-11-04] cimg 1.7.8+dfsg-1 MIGRATED to testing (Debian testing watch)
[2016-10-28] Accepted cimg 1.7.8+dfsg-1 (source all) into unstable (Andreas Tille)
[2016-05-19] cimg REMOVED from testing (Debian testing watch)
[2016-01-10] cimg 1.6.5+dfsg-1 MIGRATED to testing (Debian testing watch)
[2016-01-09] cimg REMOVED from testing (Debian testing watch)
[2015-11-14] cimg 1.6.5+dfsg-1 MIGRATED to testing (Britney)
[2015-11-08] Accepted cimg 1.6.5+dfsg-1 (source all) into unstable (Andreas Tille)
[2015-07-20] cimg 1.6.4+dfsg-1 MIGRATED to testing (Britney)
[2015-07-14] Accepted cimg 1.6.4+dfsg-1 (source all) into unstable (Andreas Tille)
[2014-09-22] cimg 1.5.9+dfsg-1 MIGRATED to testing (Britney)
[2014-09-16] Accepted cimg 1.5.9+dfsg-1 (source all) into unstable (Andreas Tille)
[2014-02-09] cimg 1.5.7+dfsg-1 MIGRATED to testing (Debian testing watch)
[2014-01-29] Accepted cimg 1.5.7+dfsg-1 (source all) (Andreas Tille)
[2013-08-06] cimg 1.5.6-1 MIGRATED to testing (Debian testing watch)
[2013-07-26] Accepted cimg 1.5.6-1 (source all) (Andreas Tille)
[2012-03-31] cimg 1.4.9-2 MIGRATED to testing (Debian testing watch)
[2012-03-21] Accepted cimg 1.4.9-2 (source all) (Andreas Tille)
[2011-07-03] cimg 1.4.9-1 MIGRATED to testing (Debian testing watch)
[2011-06-22] Accepted cimg 1.4.9-1 (source all) (Andreas Tille)
[2011-03-27] cimg 1.4.8-1 MIGRATED to testing (Debian testing watch)
[2011-03-16] Accepted cimg 1.4.8-1 (source all) (Andreas Tille)
[2011-02-06] cimg 1.4.7-1 MIGRATED to testing (Debian testing watch)
[2011-01-22] Accepted cimg 1.4.7-1 (source all) (Andreas Tille)
[2010-11-19] Accepted cimg 1.4.6-1 (source all) (Andreas Tille)

bugs [bug history graph]

all: 1
RC: 0
I&N: 1
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (0, 20)
buildd: logs, clang, reproducibility
popcon
browse source code
edit tags
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2.3.6+dfsg-1
1 bug