Register | Log in

freeimage

Choose email to subscribe with

general

source: freeimage (main)
version: 3.18.0+ds2-3
maintainer: Debian Science Maintainers (archive) (DMD)
uploaders: Ghislain Antony Vaillant [DMD] – Anton Gladky [DMD]
arch: all any
std-ver: 4.4.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 3.15.4-4.2+deb8u1
o-o-sec: 3.15.4-4.2+deb8u2
oldstable: 3.17.0+ds1-5+deb9u1
old-sec: 3.17.0+ds1-5+deb9u1
stable: 3.18.0+ds2-1+deb10u1
stable-sec: 3.18.0+ds2-1+deb10u1
testing: 3.18.0+ds2-3
unstable: 3.18.0+ds2-3

versioned links

3.15.4-4.2+deb8u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.15.4-4.2+deb8u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.17.0+ds1-5+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.18.0+ds2-1+deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.18.0+ds2-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libfreeimage-dev
libfreeimage3 (1 bugs: 0, 1, 0, 0)
libfreeimageplus-dev
libfreeimageplus-doc
libfreeimageplus3

action needed

2 security issues in bullseye high

There are 2 open security issues in bullseye.

2 important issues:

CVE-2019-12212: When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize function of JXRMeta.c repeatedly calls itself due to improper processing of the file, eventually causing stack exhaustion. An attacker can achieve a remote denial of service attack by sending a specially constructed file.
CVE-2019-12214: In FreeImage 3.18.0, an out-of-bounds access occurs because of mishandling of the OpenJPEG j2k_read_ppm_v3 function in j2k.c. The value of l_N_ppm comes from the file read in, and the code does not consider that l_N_ppm may be greater than the size of p_header_data.

Please fix them.

Created: 2019-07-07 Last update: 2020-02-08 18:32

2 security issues in sid high

There are 2 open security issues in sid.

2 important issues:

CVE-2019-12212: When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize function of JXRMeta.c repeatedly calls itself due to improper processing of the file, eventually causing stack exhaustion. An attacker can achieve a remote denial of service attack by sending a specially constructed file.
CVE-2019-12214: In FreeImage 3.18.0, an out-of-bounds access occurs because of mishandling of the OpenJPEG j2k_read_ppm_v3 function in j2k.c. The value of l_N_ppm comes from the file read in, and the code does not consider that l_N_ppm may be greater than the size of p_header_data.

Please fix them.

Created: 2019-05-20 Last update: 2020-02-08 18:32

Multiarch hinter reports 3 issue(s) normal

There are issues with the multiarch metadata for this package.

libfreeimageplus-doc could be marked Multi-Arch: foreign
libfreeimage-dev could be marked Multi-Arch: same
libfreeimageplus-dev could be marked Multi-Arch: same

Created: 2016-09-14 Last update: 2020-02-19 17:14

2 ignored security issues in buster low

There are 2 open security issues in buster.

2 issues skipped by the security teams:

CVE-2019-12212: When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize function of JXRMeta.c repeatedly calls itself due to improper processing of the file, eventually causing stack exhaustion. An attacker can achieve a remote denial of service attack by sending a specially constructed file.
CVE-2019-12214: In FreeImage 3.18.0, an out-of-bounds access occurs because of mishandling of the OpenJPEG j2k_read_ppm_v3 function in j2k.c. The value of l_N_ppm comes from the file read in, and the code does not consider that l_N_ppm may be greater than the size of p_header_data.

Please fix them.

Created: 2019-05-20 Last update: 2020-02-08 18:32

2 ignored security issues in jessie low

There are 2 open security issues in jessie.

2 issues skipped by the security teams:

CVE-2019-12212: When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize function of JXRMeta.c repeatedly calls itself due to improper processing of the file, eventually causing stack exhaustion. An attacker can achieve a remote denial of service attack by sending a specially constructed file.
CVE-2019-12214: In FreeImage 3.18.0, an out-of-bounds access occurs because of mishandling of the OpenJPEG j2k_read_ppm_v3 function in j2k.c. The value of l_N_ppm comes from the file read in, and the code does not consider that l_N_ppm may be greater than the size of p_header_data.

Please fix them.

Created: 2019-05-20 Last update: 2020-02-08 18:32

2 ignored security issues in stretch low

There are 2 open security issues in stretch.

2 issues skipped by the security teams:

CVE-2019-12212: When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize function of JXRMeta.c repeatedly calls itself due to improper processing of the file, eventually causing stack exhaustion. An attacker can achieve a remote denial of service attack by sending a specially constructed file.
CVE-2019-12214: In FreeImage 3.18.0, an out-of-bounds access occurs because of mishandling of the OpenJPEG j2k_read_ppm_v3 function in j2k.c. The value of l_N_ppm comes from the file read in, and the code does not consider that l_N_ppm may be greater than the size of p_header_data.

Please fix them.

Created: 2019-05-20 Last update: 2020-02-08 18:32

Build log checks report 2 warnings low

Build log checks report 2 warnings

Created: 2014-07-02 Last update: 2017-06-23 19:20

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.5.0 instead of 4.4.1).

Created: 2020-01-21 Last update: 2020-01-21 05:06

news

[2020-01-03] freeimage 3.18.0+ds2-3 MIGRATED to testing (Debian testing watch)
[2020-01-01] Accepted freeimage 3.18.0+ds2-3 (source) into unstable (Anton Gladky)
[2019-12-29] Accepted freeimage 3.17.0+ds1-5+deb9u1 (source amd64 all) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Hugo Lefeuvre)
[2019-12-29] Accepted freeimage 3.18.0+ds2-1+deb10u1 (source amd64 all) into proposed-updates->stable-new, proposed-updates (Hugo Lefeuvre)
[2019-12-27] Accepted freeimage 3.18.0+ds2-1+deb10u1 (source amd64 all) into stable->embargoed, stable (Hugo Lefeuvre)
[2019-12-27] Accepted freeimage 3.17.0+ds1-5+deb9u1 (source amd64 all) into oldstable->embargoed, oldstable (Hugo Lefeuvre)
[2019-12-10] Accepted freeimage 3.15.4-4.2+deb8u2 (source amd64) into oldoldstable (Hugo Lefeuvre)
[2019-01-08] freeimage 3.18.0+ds2-1 MIGRATED to testing (Debian testing watch)
[2019-01-05] Accepted freeimage 3.18.0+ds2-1 (source) into unstable (Anton Gladky)
[2019-01-05] Accepted freeimage 3.18.0+ds2-1~exp1 (source) into experimental (Anton Gladky)
[2017-01-23] freeimage 3.17.0+ds1-5 MIGRATED to testing (Debian testing watch)
[2017-01-12] Accepted freeimage 3.17.0+ds1-5 (source) into unstable (Anton Gladky)
[2016-12-24] freeimage 3.17.0+ds1-4 MIGRATED to testing (Debian testing watch)
[2016-12-13] Accepted freeimage 3.17.0+ds1-4 (source) into unstable (Ghislain Antony Vaillant) (signed by: Anton Gladky)
[2016-10-14] Accepted freeimage 3.15.4-4.2+deb8u1 (source) into proposed-updates->stable-new, proposed-updates (Anton Gladky)
[2016-10-12] freeimage 3.17.0+ds1-3 MIGRATED to testing (Debian testing watch)
[2016-10-11] Accepted freeimage 3.17.0+ds1-3 (source) into unstable (Ghislain Antony Vaillant) (signed by: Anton Gladky)
[2016-10-06] Accepted freeimage 3.15.1-1.1+deb7u1 (source amd64) into oldstable (Chris Lamb)
[2016-03-11] freeimage 3.17.0+ds1-2 MIGRATED to testing (Debian testing watch)
[2016-03-05] Accepted freeimage 3.17.0+ds1-2 (source amd64 all) into unstable (Ghislain Antony Vaillant) (signed by: Micha Lenk)
[2016-02-02] freeimage 3.17.0+ds1-1.1 MIGRATED to testing (Debian testing watch)
[2016-01-27] Accepted freeimage 3.17.0+ds1-1.1 (source amd64 all) into unstable (Tobias Frost)
[2016-01-23] freeimage 3.17.0+ds1-1 MIGRATED to testing (Debian testing watch)
[2016-01-18] Accepted freeimage 3.17.0+ds1-1 (source) into unstable (Anton Gladky)
[2016-01-11] Accepted freeimage 3.17.0+ds1-1~exp2 (source) into experimental (Ghislain Antony Vaillant) (signed by: Anton Gladky)
[2015-12-20] Accepted freeimage 3.17.0+ds1-1~exp1 (source amd64 all) into experimental, experimental (Ghislain Antony Vaillant) (signed by: Anton Gladky)
[2015-11-06] Accepted freeimage 3.15.1-1.1 (source amd64) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Anton Gladky)
[2015-11-05] Accepted freeimage 3.15.4-4.2 (source amd64) into proposed-updates->stable-new, proposed-updates (Anton Gladky)
[2015-11-04] freeimage 3.15.4-6 MIGRATED to testing (Britney)
[2015-10-29] Accepted freeimage 3.15.4-6 (source) into unstable (Anton Gladky)

1
2

bugs [bug history graph]

all: 4
RC: 0
I&N: 4
M&W: 0
F&P: 0
patch: 0

links

homepage
buildd: logs, checks, clang, reproducibility, cross
popcon
browse source code
edit tags
security tracker
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 3.18.0+ds2-1ubuntu2
3 bugs (2 patches)
patches for 3.18.0+ds2-1ubuntu2

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing