Debian Package Tracker

general

source: gdk-pixbuf (source, libs)
version: 2.36.10-2
maintainer: Debian GNOME Maintainers (archive) [DMD]
uploaders: Michael Biebl [DMD] – Jeremy Bicha [DMD] – Emilio Pozuelo Monfort [DMD] – Iain Lane [DMD]
arch: all any
std-ver: 4.1.0
VCS: Subversion (Browse)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 2.26.1-1+deb7u3
o-o-sec: 2.26.1-1+deb7u6
oldstable: 2.31.1-2+deb8u5
old-sec: 2.31.1-2+deb8u6
old-p-u: 2.31.1-2+deb8u6
stable: 2.36.5-2
stable-sec: 2.36.5-2+deb9u1
stable-p-u: 2.36.5-2+deb9u1
testing: 2.36.5-2
unstable: 2.36.10-2

versioned links

2.26.1-1+deb7u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.26.1-1+deb7u6: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.31.1-2+deb8u5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.31.1-2+deb8u6: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.36.5-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.36.5-2+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.36.10-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

gir1.2-gdkpixbuf-2.0
libgdk-pixbuf2.0-0
libgdk-pixbuf2.0-0-udeb
libgdk-pixbuf2.0-bin
libgdk-pixbuf2.0-common
libgdk-pixbuf2.0-dev
libgdk-pixbuf2.0-doc

action needed

lintian reports 2 errors and 10 warnings

high

Lintian reports 2 errors and 10 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2015-02-15 Last update: 2017-09-22 07:15

3 security issues in sid

high

There are 3 open security issues in sid.

3 important issues:

CVE-2017-6314: The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file.
CVE-2017-6313: Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file.
CVE-2017-6312: Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations.

Please fix them.

Created: 2017-02-26 Last update: 2017-09-21 07:38

4 security issues in buster

high

There are 4 open security issues in buster.

4 important issues:

CVE-2017-6314: The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file.
CVE-2017-6313: Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file.
CVE-2017-6312: Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations.
CVE-2017-2862: An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability.

Please fix them.

Created: 2017-06-18 Last update: 2017-09-21 07:38

Depends on packages which need a new maintainer

normal

The packages that gdk-pixbuf depends on which need a new maintainer are:

dh-exec (#851746)
- Build-Depends: dh-exec

Created: 2017-01-18 Last update: 2017-09-25 19:20

4 bugs tagged patch in the BTS

normal

The BTS contains patches fixing 4 bugs, consider including or untagging them.

Created: 2017-08-12 Last update: 2017-09-25 19:01

The URL(s) for this package had some recent persistent issues

low

DUCK reports some issues concerning upstream URLs defined for this package.

Created: 2017-09-13 Last update: 2017-09-25 19:19

3 ignored security issues in wheezy

low

There are 3 open security issues in wheezy.

3 issues skipped by the security teams:

CVE-2017-6314: The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file.
CVE-2017-6313: Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file.
CVE-2017-6312: Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations.

Please fix them.

Created: 2017-02-26 Last update: 2017-09-21 07:38

4 ignored security issues in jessie

low

There are 4 open security issues in jessie.

4 issues skipped by the security teams:

CVE-2016-6352: The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file.
CVE-2017-6314: The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file.
CVE-2017-6313: Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file.
CVE-2017-6312: Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations.

Please fix them.

Created: 2016-07-13 Last update: 2017-09-21 07:38

3 ignored security issues in stretch

low

There are 3 open security issues in stretch.

3 issues skipped by the security teams:

CVE-2017-6314: The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file.
CVE-2017-6313: Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file.
CVE-2017-6312: Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations.

Please fix them.

Created: 2017-02-26 Last update: 2017-09-21 07:38

testing migrations

excuses:
- Migration status: WAITING: Waiting for test results, another package or too young (no action required now - check later)
- Too young, only 4 of 5 days old
- Updating gdk-pixbuf fixes old bugs: #874552
- Piuparts tested OK - https://piuparts.debian.org/sid/source/g/gdk-pixbuf.html
- Not considered

news

[rss feed]

[2017-09-23] Accepted gdk-pixbuf 2.31.1-2+deb8u6 (source all amd64) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Moritz Muehlenhoff) (signed by: Moritz Mühlenhoff)
[2017-09-23] Accepted gdk-pixbuf 2.36.5-2+deb9u1 (source amd64 all) into proposed-updates->stable-new, proposed-updates (Moritz Muehlenhoff) (signed by: Moritz Mühlenhoff)
[2017-09-20] Accepted gdk-pixbuf 2.36.10-2 (source) into unstable (Jeremy Bicha)
[2017-09-19] Accepted gdk-pixbuf 2.26.1-1+deb7u6 (source all amd64) into oldoldstable (Emilio Pozuelo Monfort)
[2017-09-19] Accepted gdk-pixbuf 2.36.10-1 (source) into unstable (Emilio Pozuelo Monfort)
[2017-08-31] Accepted gdk-pixbuf 2.36.5-4 (source) into unstable (Jeremy Bicha)
[2017-03-20] Accepted gdk-pixbuf 2.36.5-3 (all amd64 i386 source) into experimental, experimental (Jeremy Bicha) (signed by: Iain Lane)
[2017-02-28] gdk-pixbuf 2.36.5-2 MIGRATED to testing (Debian testing watch)
[2017-02-16] Accepted gdk-pixbuf 2.36.5-2 (source) into unstable (Iain Lane)
[2017-02-14] Accepted gdk-pixbuf 2.36.5-1 (source amd64 all) into experimental (Iain Lane)
[2017-02-02] gdk-pixbuf 2.36.4-1 MIGRATED to testing (Debian testing watch)
[2017-01-17] gdk-pixbuf 2.36.3-1 MIGRATED to testing (Debian testing watch)
[2017-01-17] Accepted gdk-pixbuf 2.36.4-1 (source) into unstable (Emilio Pozuelo Monfort)
[2017-01-09] Accepted gdk-pixbuf 2.36.3-1 (source) into unstable (Iain Lane)
[2017-01-01] gdk-pixbuf 2.36.2-1 MIGRATED to testing (Debian testing watch)
[2016-12-22] Accepted gdk-pixbuf 2.36.2-1 (source) into unstable (Michael Biebl)
[2016-12-17] Accepted gdk-pixbuf 2.36.1-1 (source) into unstable (Michael Biebl)
[2016-10-09] Accepted gdk-pixbuf 2.31.1-2+deb8u5+kbsd8u2 (source all) into stable-kfreebsd-proposed-updates (Steven Chamberlain)
[2016-10-08] Accepted gdk-pixbuf 2.31.1-2+deb8u5+kbsd8u1 (source all) into stable-kfreebsd-proposed-updates (Steven Chamberlain)
[2016-09-30] gdk-pixbuf 2.36.0-1 MIGRATED to testing (Debian testing watch)
[2016-09-19] Accepted gdk-pixbuf 2.36.0-1 (source) into unstable (Michael Biebl)
[2016-09-13] Accepted gdk-pixbuf 2.35.5-1 (source) into unstable (Michael Biebl)
[2016-09-08] Accepted gdk-pixbuf 2.35.4-4 (source) into unstable (Michael Biebl)
[2016-09-08] Accepted gdk-pixbuf 2.35.4-3 (source) into unstable (Michael Biebl)
[2016-09-08] Accepted gdk-pixbuf 2.35.4-2 (source) into unstable (Michael Biebl)
[2016-09-07] Accepted gdk-pixbuf 2.35.4-1 (source) into unstable (Michael Biebl)
[2016-06-05] Accepted gdk-pixbuf 2.31.1-2+deb8u5 (all source) into proposed-updates->stable-new, proposed-updates (Salvatore Bonaccorso)
[2016-06-02] Accepted gdk-pixbuf 2.26.1-1+deb7u5 (source all amd64) into oldstable (signed by: Markus Koschany)
[2016-04-22] gdk-pixbuf 2.34.0-1 MIGRATED to testing (Debian testing watch)
[2016-04-16] Accepted gdk-pixbuf 2.34.0-1 (source) into unstable (Michael Biebl)

bugs [bug history graph]

all: 24 31
RC: 0
I&N: 22 29
M&W: 2
F&P: 0

links

homepage
lintian (2, 10)
buildd: logs, clang, reproducibility
popcon
browse source code
edit tags
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2.36.10-2
21 bugs (2 patches)