Debian Package Tracker

general

source: gdk-pixbuf (source, libs)
version: 2.36.5-2
maintainer: Debian GNOME Maintainers (archive) [DMD]
uploaders: Iain Lane [DMD] – Emilio Pozuelo Monfort [DMD] – Michael Biebl [DMD]
arch: all any
std-ver: 3.9.8
VCS: Subversion (Browse)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 2.26.1-1+deb7u3
o-o-sec: 2.26.1-1+deb7u5
oldstable: 2.31.1-2+deb8u5
old-sec: 2.31.1-2+deb8u5
stable: 2.36.5-2
testing: 2.36.5-2
unstable: 2.36.5-2
exp: 2.36.5-3

versioned links

2.26.1-1+deb7u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.26.1-1+deb7u5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.31.1-2+deb8u5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.36.5-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.36.5-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

gir1.2-gdkpixbuf-2.0
libgdk-pixbuf2.0-0
libgdk-pixbuf2.0-0-udeb
libgdk-pixbuf2.0-common
libgdk-pixbuf2.0-dev
libgdk-pixbuf2.0-doc

action needed

A new upstream version is available: 2.36.7

high

A new upstream version 2.36.7 is available, you should consider packaging it.

Created: 2017-03-28 Last update: 2017-07-25 13:21

lintian reports 4 errors and 18 warnings

high

Lintian reports 4 errors and 18 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2015-02-15 Last update: 2017-06-22 07:16

3 security issues in sid

high

There are 3 open security issues in sid.

3 important issues:

CVE-2017-6314: The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file.
CVE-2017-6313: Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file.
CVE-2017-6312: Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations.

Please fix them.

Created: 2017-02-26 Last update: 2017-06-18 08:29

3 security issues in buster

high

There are 3 open security issues in buster.

3 important issues:

CVE-2017-6314: The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file.
CVE-2017-6313: Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file.
CVE-2017-6312: Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations.

Please fix them.

Created: 2017-06-18 Last update: 2017-06-18 08:29

Does not build reproducibly during testing

normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2017-07-23 Last update: 2017-07-25 13:29

Depends on packages which need a new maintainer

normal

The packages that gdk-pixbuf depends on which need a new maintainer are:

dh-exec (#851746)
- Build-Depends: dh-exec

Created: 2017-01-18 Last update: 2017-07-25 13:27

3 bugs tagged patch in the BTS

normal

The BTS contains patches fixing 3 bugs, consider including or untagging them.

Created: 2017-01-17 Last update: 2017-07-25 13:06

3 ignored security issues in wheezy

low

There are 3 open security issues in wheezy.

3 issues skipped by the security teams:

CVE-2017-6314: The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file.
CVE-2017-6313: Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file.
CVE-2017-6312: Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations.

Please fix them.

Created: 2017-02-26 Last update: 2017-06-18 08:29

4 ignored security issues in jessie

low

There are 4 open security issues in jessie.

4 issues skipped by the security teams:

CVE-2016-6352: The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file.
CVE-2017-6314: The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file.
CVE-2017-6313: Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file.
CVE-2017-6312: Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations.

Please fix them.

Created: 2016-07-13 Last update: 2017-06-18 08:29

3 ignored security issues in stretch

low

There are 3 open security issues in stretch.

3 issues skipped by the security teams:

CVE-2017-6314: The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file.
CVE-2017-6313: Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file.
CVE-2017-6312: Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations.

Please fix them.

Created: 2017-02-26 Last update: 2017-06-18 08:29

news

[rss feed]

[2017-03-20] Accepted gdk-pixbuf 2.36.5-3 (all amd64 i386 source) into experimental, experimental (Jeremy Bicha) (signed by: Iain Lane)
[2017-02-28] gdk-pixbuf 2.36.5-2 MIGRATED to testing (Debian testing watch)
[2017-02-16] Accepted gdk-pixbuf 2.36.5-2 (source) into unstable (Iain Lane)
[2017-02-14] Accepted gdk-pixbuf 2.36.5-1 (source amd64 all) into experimental (Iain Lane)
[2017-02-02] gdk-pixbuf 2.36.4-1 MIGRATED to testing (Debian testing watch)
[2017-01-17] gdk-pixbuf 2.36.3-1 MIGRATED to testing (Debian testing watch)
[2017-01-17] Accepted gdk-pixbuf 2.36.4-1 (source) into unstable (Emilio Pozuelo Monfort)
[2017-01-09] Accepted gdk-pixbuf 2.36.3-1 (source) into unstable (Iain Lane)
[2017-01-01] gdk-pixbuf 2.36.2-1 MIGRATED to testing (Debian testing watch)
[2016-12-22] Accepted gdk-pixbuf 2.36.2-1 (source) into unstable (Michael Biebl)
[2016-12-17] Accepted gdk-pixbuf 2.36.1-1 (source) into unstable (Michael Biebl)
[2016-10-09] Accepted gdk-pixbuf 2.31.1-2+deb8u5+kbsd8u2 (source all) into stable-kfreebsd-proposed-updates (Steven Chamberlain)
[2016-10-08] Accepted gdk-pixbuf 2.31.1-2+deb8u5+kbsd8u1 (source all) into stable-kfreebsd-proposed-updates (Steven Chamberlain)
[2016-09-30] gdk-pixbuf 2.36.0-1 MIGRATED to testing (Debian testing watch)
[2016-09-19] Accepted gdk-pixbuf 2.36.0-1 (source) into unstable (Michael Biebl)
[2016-09-13] Accepted gdk-pixbuf 2.35.5-1 (source) into unstable (Michael Biebl)
[2016-09-08] Accepted gdk-pixbuf 2.35.4-4 (source) into unstable (Michael Biebl)
[2016-09-08] Accepted gdk-pixbuf 2.35.4-3 (source) into unstable (Michael Biebl)
[2016-09-08] Accepted gdk-pixbuf 2.35.4-2 (source) into unstable (Michael Biebl)
[2016-09-07] Accepted gdk-pixbuf 2.35.4-1 (source) into unstable (Michael Biebl)
[2016-06-05] Accepted gdk-pixbuf 2.31.1-2+deb8u5 (all source) into proposed-updates->stable-new, proposed-updates (Salvatore Bonaccorso)
[2016-06-02] Accepted gdk-pixbuf 2.26.1-1+deb7u5 (source all amd64) into oldstable (signed by: Markus Koschany)
[2016-04-22] gdk-pixbuf 2.34.0-1 MIGRATED to testing (Debian testing watch)
[2016-04-16] Accepted gdk-pixbuf 2.34.0-1 (source) into unstable (Michael Biebl)
[2016-04-14] gdk-pixbuf 2.32.3-2 MIGRATED to testing (Debian testing watch)
[2016-04-08] Accepted gdk-pixbuf 2.32.3-2 (source) into unstable (Emilio Pozuelo Monfort)
[2016-03-25] Accepted gdk-pixbuf 2.31.1-2+deb8u4+kbsd8u1 (source all) into stable-kfreebsd-proposed-updates (Steven Chamberlain)
[2016-03-14] Accepted gdk-pixbuf 2.33.2-1 (source amd64 all) into experimental (Andreas Henriksson)
[2016-02-02] gdk-pixbuf 2.32.3-1.2 MIGRATED to testing (Debian testing watch)
[2016-01-27] Accepted gdk-pixbuf 2.32.3-1.2 (source) into unstable (Gianfranco Costamagna)

bugs [bug history graph]

all: 23 30
RC: 1
I&N: 21 28
M&W: 1
F&P: 0

links

homepage
lintian (4, 18)
buildd: logs, clang, reproducibility
popcon
browse source code
edit tags
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2.36.5-3
20 bugs (2 patches)