freeimage - Debian Package Tracker

general

source: freeimage (main)
version: 3.18.0+ds2-6
maintainer: Debian Science Maintainers (archive) (DMD)
uploaders: Ghislain Antony Vaillant [DMD] – Anton Gladky [DMD]
arch: all any
std-ver: 4.5.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 3.17.0+ds1-5+deb9u1
o-o-sec: 3.17.0+ds1-5+deb9u1
oldstable: 3.18.0+ds2-1+deb10u1
old-sec: 3.18.0+ds2-1+deb10u1
stable: 3.18.0+ds2-6
testing: 3.18.0+ds2-6
unstable: 3.18.0+ds2-6

versioned links

3.17.0+ds1-5+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.18.0+ds2-1+deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.18.0+ds2-6: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libfreeimage-dev
libfreeimage3 (1 bugs: 0, 1, 0, 0)
libfreeimageplus-dev
libfreeimageplus-doc
libfreeimageplus3

action needed

2 security issues in sid high

There are 2 open security issues in sid.

2 important issues:

CVE-2019-12212: When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize function of JXRMeta.c repeatedly calls itself due to improper processing of the file, eventually causing stack exhaustion. An attacker can achieve a remote denial of service attack by sending a specially constructed file.
CVE-2019-12214: In FreeImage 3.18.0, an out-of-bounds access occurs because of mishandling of the OpenJPEG j2k_read_ppm_v3 function in j2k.c. The value of l_N_ppm comes from the file read in, and the code does not consider that l_N_ppm may be greater than the size of p_header_data.

Created: 2021-02-19 Last update: 2021-08-15 00:00

2 security issues in bookworm high

There are 2 open security issues in bookworm.

2 important issues:

CVE-2019-12212: When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize function of JXRMeta.c repeatedly calls itself due to improper processing of the file, eventually causing stack exhaustion. An attacker can achieve a remote denial of service attack by sending a specially constructed file.
CVE-2019-12214: In FreeImage 3.18.0, an out-of-bounds access occurs because of mishandling of the OpenJPEG j2k_read_ppm_v3 function in j2k.c. The value of l_N_ppm comes from the file read in, and the code does not consider that l_N_ppm may be greater than the size of p_header_data.

Created: 2021-08-15 Last update: 2021-08-15 00:00

Multiarch hinter reports 3 issue(s) normal

There are issues with the multiarch metadata for this package.

libfreeimageplus-doc could be marked Multi-Arch: foreign
libfreeimage-dev could be marked Multi-Arch: same
libfreeimageplus-dev could be marked Multi-Arch: same

Created: 2016-09-14 Last update: 2021-11-29 01:30

lintian reports 1 warning normal

Lintian reports 1 warning about this package. You should make the package lintian clean getting rid of them.

Created: 2020-07-29 Last update: 2021-09-06 18:32

2 low-priority security issues in buster low

There are 2 open security issues in buster.

2 issues left for the package maintainer to handle:

CVE-2019-12212: (postponed; to be fixed through a stable update) When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize function of JXRMeta.c repeatedly calls itself due to improper processing of the file, eventually causing stack exhaustion. An attacker can achieve a remote denial of service attack by sending a specially constructed file.
CVE-2019-12214: (postponed; to be fixed through a stable update) In FreeImage 3.18.0, an out-of-bounds access occurs because of mishandling of the OpenJPEG j2k_read_ppm_v3 function in j2k.c. The value of l_N_ppm comes from the file read in, and the code does not consider that l_N_ppm may be greater than the size of p_header_data.

You can find information about how to handle these issues in the security team's documentation.

Created: 2021-02-19 Last update: 2021-08-15 00:00

2 low-priority security issues in bullseye low

There are 2 open security issues in bullseye.

2 issues left for the package maintainer to handle:

CVE-2019-12212: (postponed; to be fixed through a stable update) When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize function of JXRMeta.c repeatedly calls itself due to improper processing of the file, eventually causing stack exhaustion. An attacker can achieve a remote denial of service attack by sending a specially constructed file.
CVE-2019-12214: (postponed; to be fixed through a stable update) In FreeImage 3.18.0, an out-of-bounds access occurs because of mishandling of the OpenJPEG j2k_read_ppm_v3 function in j2k.c. The value of l_N_ppm comes from the file read in, and the code does not consider that l_N_ppm may be greater than the size of p_header_data.

You can find information about how to handle these issues in the security team's documentation.

Created: 2021-08-14 Last update: 2021-08-15 00:00

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2020-08-19 Last update: 2020-08-19 16:33

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.0 instead of 4.5.0).

Created: 2020-11-17 Last update: 2021-08-18 14:03

news

[rss feed]

[2020-08-30] freeimage 3.18.0+ds2-6 MIGRATED to testing (Debian testing watch)
[2020-08-30] freeimage 3.18.0+ds2-6 MIGRATED to testing (Debian testing watch)
[2020-08-27] Accepted freeimage 3.18.0+ds2-6 (source) into unstable (Anton Gladky)
[2020-07-19] freeimage 3.18.0+ds2-5 MIGRATED to testing (Debian testing watch)
[2020-07-16] Accepted freeimage 3.18.0+ds2-5 (source) into unstable (Anton Gladky)
[2020-07-15] Accepted freeimage 3.18.0+ds2-4 (source) into unstable (Anton Gladky)
[2020-01-03] freeimage 3.18.0+ds2-3 MIGRATED to testing (Debian testing watch)
[2020-01-01] Accepted freeimage 3.18.0+ds2-3 (source) into unstable (Anton Gladky)
[2019-12-29] Accepted freeimage 3.17.0+ds1-5+deb9u1 (source amd64 all) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Hugo Lefeuvre)
[2019-12-29] Accepted freeimage 3.18.0+ds2-1+deb10u1 (source amd64 all) into proposed-updates->stable-new, proposed-updates (Hugo Lefeuvre)
[2019-12-27] Accepted freeimage 3.18.0+ds2-1+deb10u1 (source amd64 all) into stable->embargoed, stable (Hugo Lefeuvre)
[2019-12-27] Accepted freeimage 3.17.0+ds1-5+deb9u1 (source amd64 all) into oldstable->embargoed, oldstable (Hugo Lefeuvre)
[2019-12-10] Accepted freeimage 3.15.4-4.2+deb8u2 (source amd64) into oldoldstable (Hugo Lefeuvre)
[2019-01-08] freeimage 3.18.0+ds2-1 MIGRATED to testing (Debian testing watch)
[2019-01-05] Accepted freeimage 3.18.0+ds2-1 (source) into unstable (Anton Gladky)
[2019-01-05] Accepted freeimage 3.18.0+ds2-1~exp1 (source) into experimental (Anton Gladky)
[2017-01-23] freeimage 3.17.0+ds1-5 MIGRATED to testing (Debian testing watch)
[2017-01-12] Accepted freeimage 3.17.0+ds1-5 (source) into unstable (Anton Gladky)
[2016-12-24] freeimage 3.17.0+ds1-4 MIGRATED to testing (Debian testing watch)
[2016-12-13] Accepted freeimage 3.17.0+ds1-4 (source) into unstable (Ghislain Antony Vaillant) (signed by: Anton Gladky)
[2016-10-14] Accepted freeimage 3.15.4-4.2+deb8u1 (source) into proposed-updates->stable-new, proposed-updates (Anton Gladky)
[2016-10-12] freeimage 3.17.0+ds1-3 MIGRATED to testing (Debian testing watch)
[2016-10-11] Accepted freeimage 3.17.0+ds1-3 (source) into unstable (Ghislain Antony Vaillant) (signed by: Anton Gladky)
[2016-10-06] Accepted freeimage 3.15.1-1.1+deb7u1 (source amd64) into oldstable (Chris Lamb)
[2016-03-11] freeimage 3.17.0+ds1-2 MIGRATED to testing (Debian testing watch)
[2016-03-05] Accepted freeimage 3.17.0+ds1-2 (source amd64 all) into unstable (Ghislain Antony Vaillant) (signed by: Micha Lenk)
[2016-02-02] freeimage 3.17.0+ds1-1.1 MIGRATED to testing (Debian testing watch)
[2016-01-27] Accepted freeimage 3.17.0+ds1-1.1 (source amd64 all) into unstable (Tobias Frost)
[2016-01-23] freeimage 3.17.0+ds1-1 MIGRATED to testing (Debian testing watch)
[2016-01-18] Accepted freeimage 3.17.0+ds1-1 (source) into unstable (Anton Gladky)

bugs [bug history graph]

all: 4
RC: 0
I&N: 4
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (0, 1)
buildd: logs, checks, clang, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 3.18.0+ds2-6ubuntu3
4 bugs (2 patches)
patches for 3.18.0+ds2-6ubuntu3