freeimage - Debian Package Tracker

general

source: freeimage (main)
version: 3.18.0+ds2-8
maintainer: Debian Science Maintainers (archive) (DMD)
uploaders: Ghislain Antony Vaillant [DMD] – Anton Gladky [DMD]
arch: all any
std-ver: 4.6.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 3.17.0+ds1-5+deb9u1
o-o-sec: 3.17.0+ds1-5+deb9u1
oldstable: 3.18.0+ds2-1+deb10u1
old-sec: 3.18.0+ds2-1+deb10u1
stable: 3.18.0+ds2-6
testing: 3.18.0+ds2-8
unstable: 3.18.0+ds2-8

versioned links

3.17.0+ds1-5+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.18.0+ds2-1+deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.18.0+ds2-6: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.18.0+ds2-8: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libfreeimage-dev (1 bugs: 0, 1, 0, 0)
libfreeimage3 (1 bugs: 0, 1, 0, 0)
libfreeimageplus-dev
libfreeimageplus-doc
libfreeimageplus3

action needed

Problems while searching for a new upstream version high

uscan had problems while searching for a new upstream version:

In debian/watch no matching files for watch line
  http://sf.net/freeimage FreeImage(\d+)\.zip

Created: 2022-05-26 Last update: 2022-12-01 02:44

2 security issues in sid high

There are 2 open security issues in sid.

2 important issues:

CVE-2019-12212: When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize function of JXRMeta.c repeatedly calls itself due to improper processing of the file, eventually causing stack exhaustion. An attacker can achieve a remote denial of service attack by sending a specially constructed file.
CVE-2019-12214: In FreeImage 3.18.0, an out-of-bounds access occurs because of mishandling of the OpenJPEG j2k_read_ppm_v3 function in j2k.c. The value of l_N_ppm comes from the file read in, and the code does not consider that l_N_ppm may be greater than the size of p_header_data.

Created: 2022-07-04 Last update: 2022-08-23 05:14

2 security issues in bookworm high

There are 2 open security issues in bookworm.

2 important issues:

CVE-2019-12212: When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize function of JXRMeta.c repeatedly calls itself due to improper processing of the file, eventually causing stack exhaustion. An attacker can achieve a remote denial of service attack by sending a specially constructed file.
CVE-2019-12214: In FreeImage 3.18.0, an out-of-bounds access occurs because of mishandling of the OpenJPEG j2k_read_ppm_v3 function in j2k.c. The value of l_N_ppm comes from the file read in, and the code does not consider that l_N_ppm may be greater than the size of p_header_data.

Created: 2022-07-04 Last update: 2022-08-23 05:14

Multiarch hinter reports 2 issue(s) normal

There are issues with the multiarch metadata for this package.

libfreeimageplus-doc could be marked Multi-Arch: foreign
libfreeimage-dev could be marked Multi-Arch: same

Created: 2016-09-14 Last update: 2022-12-01 07:07

1 bug tagged patch in the BTS normal

The BTS contains patches fixing 1 bug, consider including or untagging them.

Created: 2022-07-27 Last update: 2022-12-01 06:47

4 new commits since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit 055f63da9a08b89eb05e458ea5f5e24ec7226f9c
Merge: 1df658c 35b85d9
Author: Stuart Prescott <stuart@debian.org>
Date:   Mon Nov 28 13:45:52 2022 +0000

    Merge branch 'lintian-fixes' into 'debian/sid'
    
    Fix some issues reported by lintian
    
    See merge request science-team/freeimage!2

commit 35b85d9fcc23ff7768140d74dd0601712d8d506a
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Sun Nov 27 04:47:55 2022 +0000

    Use secure URI in Homepage field.
    
    Changes-By: lintian-brush
    Fixes: lintian: homepage-field-uses-insecure-uri
    See-also: https://lintian.debian.org/tags/homepage-field-uses-insecure-uri.html

commit 1df658c24fc866e2d08a71b897798540efdbca86
Merge: 5f270dc b3e75ae
Author: Stuart Prescott <stuart@debian.org>
Date:   Sun Nov 27 04:25:29 2022 +0000

    Merge branch 'multiarch-fixes' into 'debian/sid'
    
    Apply hints suggested by the multi-arch hinter
    
    See merge request science-team/freeimage!1

commit b3e75ae98ec69310cefbee11ffa231d5bd96e169
Author: Janitor <jelmer+janitor@jelmer.uk>
Date:   Sun Nov 27 04:25:28 2022 +0000

    Apply hints suggested by the multi-arch hinter

Created: 2022-11-27 Last update: 2022-11-28 16:07

lintian reports 5 warnings normal

Lintian reports 5 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2020-07-29 Last update: 2022-08-21 10:05

2 low-priority security issues in bullseye low

There are 2 open security issues in bullseye.

2 issues left for the package maintainer to handle:

CVE-2019-12212: (postponed; to be fixed through a stable update) When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize function of JXRMeta.c repeatedly calls itself due to improper processing of the file, eventually causing stack exhaustion. An attacker can achieve a remote denial of service attack by sending a specially constructed file.
CVE-2019-12214: (postponed; to be fixed through a stable update) In FreeImage 3.18.0, an out-of-bounds access occurs because of mishandling of the OpenJPEG j2k_read_ppm_v3 function in j2k.c. The value of l_N_ppm comes from the file read in, and the code does not consider that l_N_ppm may be greater than the size of p_header_data.

You can find information about how to handle these issues in the security team's documentation.

Created: 2022-07-04 Last update: 2022-08-23 05:14

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2020-08-19 Last update: 2020-08-19 16:33

news

[rss feed]

[2022-08-23] freeimage 3.18.0+ds2-8 MIGRATED to testing (Debian testing watch)
[2022-08-20] Accepted freeimage 3.18.0+ds2-8 (source) into unstable (Anton Gladky)
[2022-05-28] freeimage 3.18.0+ds2-7 MIGRATED to testing (Debian testing watch)
[2022-05-28] freeimage 3.18.0+ds2-7 MIGRATED to testing (Debian testing watch)
[2022-05-26] Accepted freeimage 3.18.0+ds2-7 (source) into unstable (Anton Gladky)
[2020-08-30] freeimage 3.18.0+ds2-6 MIGRATED to testing (Debian testing watch)
[2020-08-30] freeimage 3.18.0+ds2-6 MIGRATED to testing (Debian testing watch)
[2020-08-27] Accepted freeimage 3.18.0+ds2-6 (source) into unstable (Anton Gladky)
[2020-07-19] freeimage 3.18.0+ds2-5 MIGRATED to testing (Debian testing watch)
[2020-07-16] Accepted freeimage 3.18.0+ds2-5 (source) into unstable (Anton Gladky)
[2020-07-15] Accepted freeimage 3.18.0+ds2-4 (source) into unstable (Anton Gladky)
[2020-01-03] freeimage 3.18.0+ds2-3 MIGRATED to testing (Debian testing watch)
[2020-01-01] Accepted freeimage 3.18.0+ds2-3 (source) into unstable (Anton Gladky)
[2019-12-29] Accepted freeimage 3.17.0+ds1-5+deb9u1 (source amd64 all) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Hugo Lefeuvre)
[2019-12-29] Accepted freeimage 3.18.0+ds2-1+deb10u1 (source amd64 all) into proposed-updates->stable-new, proposed-updates (Hugo Lefeuvre)
[2019-12-27] Accepted freeimage 3.18.0+ds2-1+deb10u1 (source amd64 all) into stable->embargoed, stable (Hugo Lefeuvre)
[2019-12-27] Accepted freeimage 3.17.0+ds1-5+deb9u1 (source amd64 all) into oldstable->embargoed, oldstable (Hugo Lefeuvre)
[2019-12-10] Accepted freeimage 3.15.4-4.2+deb8u2 (source amd64) into oldoldstable (Hugo Lefeuvre)
[2019-01-08] freeimage 3.18.0+ds2-1 MIGRATED to testing (Debian testing watch)
[2019-01-05] Accepted freeimage 3.18.0+ds2-1 (source) into unstable (Anton Gladky)
[2019-01-05] Accepted freeimage 3.18.0+ds2-1~exp1 (source) into experimental (Anton Gladky)
[2017-01-23] freeimage 3.17.0+ds1-5 MIGRATED to testing (Debian testing watch)
[2017-01-12] Accepted freeimage 3.17.0+ds1-5 (source) into unstable (Anton Gladky)
[2016-12-24] freeimage 3.17.0+ds1-4 MIGRATED to testing (Debian testing watch)
[2016-12-13] Accepted freeimage 3.17.0+ds1-4 (source) into unstable (Ghislain Antony Vaillant) (signed by: Anton Gladky)
[2016-10-14] Accepted freeimage 3.15.4-4.2+deb8u1 (source) into proposed-updates->stable-new, proposed-updates (Anton Gladky)
[2016-10-12] freeimage 3.17.0+ds1-3 MIGRATED to testing (Debian testing watch)
[2016-10-11] Accepted freeimage 3.17.0+ds1-3 (source) into unstable (Ghislain Antony Vaillant) (signed by: Anton Gladky)
[2016-10-06] Accepted freeimage 3.15.1-1.1+deb7u1 (source amd64) into oldstable (Chris Lamb)
[2016-03-11] freeimage 3.17.0+ds1-2 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 6
RC: 0
I&N: 6
M&W: 0
F&P: 0
patch: 1

links

homepage
lintian (0, 5)
buildd: logs, checks, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 3.18.0+ds2-8
4 bugs (2 patches)