Debian Package Tracker
Register | Log in
Subscribe

gegl

Generic Graphics Library Test Program

Choose email to subscribe with

general
  • source: gegl (main)
  • version: 1:0.4.36-3
  • maintainer: Debian GNOME Maintainers (archive) (DMD)
  • uploaders: Jeremy Bicha [DMD] – Josselin Mouette [DMD] – Emilio Pozuelo Monfort [DMD]
  • arch: all any
  • std-ver: 4.5.1
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 0.3.8-4
  • oldstable: 0.4.12-2
  • stable: 1:0.4.26-2
  • testing: 1:0.4.36-3
  • unstable: 1:0.4.36-3
versioned links
  • 0.3.8-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 0.4.12-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1:0.4.26-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1:0.4.36-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • gegl
  • gir1.2-gegl-0.4
  • libgegl-0.4-0
  • libgegl-common
  • libgegl-dev (2 bugs: 0, 2, 0, 0)
  • libgegl-doc
action needed
2 security issues in sid high

There are 2 open security issues in sid.

2 important issues:
  • CVE-2018-10111: An issue was discovered in GEGL through 0.3.32. The render_rectangle function in process/gegl-processor.c has unbounded memory allocation, leading to a denial of service (application crash) upon allocation failure.
  • CVE-2018-10112: An issue was discovered in GEGL through 0.3.32. The gegl_tile_backend_swap_constructed function in buffer/gegl-tile-backend-swap.c allows remote attackers to cause a denial of service (write access violation) or possibly have unspecified other impact via a malformed PNG file that is mishandled during a call to the babl_format_get_bytes_per_pixel function in babl-format.c in babl 0.1.46.
Created: 2021-02-19 Last update: 2022-03-31 07:30
2 security issues in bookworm high

There are 2 open security issues in bookworm.

2 important issues:
  • CVE-2018-10111: An issue was discovered in GEGL through 0.3.32. The render_rectangle function in process/gegl-processor.c has unbounded memory allocation, leading to a denial of service (application crash) upon allocation failure.
  • CVE-2018-10112: An issue was discovered in GEGL through 0.3.32. The gegl_tile_backend_swap_constructed function in buffer/gegl-tile-backend-swap.c allows remote attackers to cause a denial of service (write access violation) or possibly have unspecified other impact via a malformed PNG file that is mishandled during a call to the babl_format_get_bytes_per_pixel function in babl-format.c in babl 0.1.46.
Created: 2021-08-15 Last update: 2022-03-31 07:30
lintian reports 5 errors and 22 warnings high
Lintian reports 5 errors and 22 warnings about this package. You should make the package lintian clean getting rid of them.
Created: 2022-01-01 Last update: 2022-01-01 04:32
3 low-priority security issues in buster low

There are 3 open security issues in buster.

1 issue left for the package maintainer to handle:
  • CVE-2021-45463: (needs triaging) load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load. NOTE: GEGL releases before 0.4.34 are used in GIMP releases before 2.10.30; however, this does not imply that GIMP builds enable the vulnerable feature.

You can find information about how to handle this issue in the security team's documentation.

2 ignored issues:
  • CVE-2018-10111: An issue was discovered in GEGL through 0.3.32. The render_rectangle function in process/gegl-processor.c has unbounded memory allocation, leading to a denial of service (application crash) upon allocation failure.
  • CVE-2018-10112: An issue was discovered in GEGL through 0.3.32. The gegl_tile_backend_swap_constructed function in buffer/gegl-tile-backend-swap.c allows remote attackers to cause a denial of service (write access violation) or possibly have unspecified other impact via a malformed PNG file that is mishandled during a call to the babl_format_get_bytes_per_pixel function in babl-format.c in babl 0.1.46.
Created: 2021-02-19 Last update: 2022-03-31 07:30
3 low-priority security issues in bullseye low

There are 3 open security issues in bullseye.

1 issue left for the package maintainer to handle:
  • CVE-2021-45463: (needs triaging) load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load. NOTE: GEGL releases before 0.4.34 are used in GIMP releases before 2.10.30; however, this does not imply that GIMP builds enable the vulnerable feature.

You can find information about how to handle this issue in the security team's documentation.

2 ignored issues:
  • CVE-2018-10111: An issue was discovered in GEGL through 0.3.32. The render_rectangle function in process/gegl-processor.c has unbounded memory allocation, leading to a denial of service (application crash) upon allocation failure.
  • CVE-2018-10112: An issue was discovered in GEGL through 0.3.32. The gegl_tile_backend_swap_constructed function in buffer/gegl-tile-backend-swap.c allows remote attackers to cause a denial of service (write access violation) or possibly have unspecified other impact via a malformed PNG file that is mishandled during a call to the babl_format_get_bytes_per_pixel function in babl-format.c in babl 0.1.46.
Created: 2021-08-14 Last update: 2022-03-31 07:30
Build log checks report 1 warning low
Build log checks report 1 warning
Created: 2020-08-19 Last update: 2020-08-19 16:33
Standards version of the package is outdated. wishlist
The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.1 instead of 4.5.1).
Created: 2021-08-18 Last update: 2022-05-11 23:24
testing migrations
  • This package will soon be part of the auto-ffmpeg transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
  • This package will soon be part of the auto-openexr transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
news
[rss feed]
  • [2022-03-31] gegl 1:0.4.36-3 MIGRATED to testing (Debian testing watch)
  • [2022-03-25] Accepted gegl 1:0.4.36-3 (source) into unstable (Jeremy Bicha)
  • [2022-03-25] Accepted gegl 1:0.4.36-2 (source) into unstable (Jeremy Bicha)
  • [2022-03-24] Accepted gegl 1:0.4.36-1 (source) into unstable (Jeremy Bicha)
  • [2021-12-29] gegl 1:0.4.34-1 MIGRATED to testing (Debian testing watch)
  • [2021-12-26] Accepted gegl 1:0.4.34-1 (source) into unstable (Jeremy Bicha)
  • [2021-11-02] gegl 1:0.4.32-2 MIGRATED to testing (Debian testing watch)
  • [2021-10-28] Accepted gegl 1:0.4.32-2 (source) into unstable (Simon McVittie)
  • [2021-09-22] gegl 1:0.4.32-1 MIGRATED to testing (Debian testing watch)
  • [2021-09-09] Accepted gegl 1:0.4.32-1 (source) into unstable (Simon McVittie)
  • [2021-07-18] Accepted gegl 1:0.4.30-1 (source) into unstable (Jeremy Bicha)
  • [2021-03-18] Accepted gegl 1:0.4.28-3 (source) into unstable (Jeremy Bicha)
  • [2021-03-13] Accepted gegl 1:0.4.28-2 (source) into unstable (Jeremy Bicha)
  • [2021-03-13] Accepted gegl 1:0.4.28-1 (source) into unstable (Jeremy Bicha)
  • [2020-11-29] gegl 1:0.4.26-2 MIGRATED to testing (Debian testing watch)
  • [2020-11-29] gegl 1:0.4.26-2 MIGRATED to testing (Debian testing watch)
  • [2020-11-24] Accepted gegl 1:0.4.26-2 (source) into unstable (Simon McVittie)
  • [2020-08-31] gegl 1:0.4.26-1 MIGRATED to testing (Debian testing watch)
  • [2020-08-26] Accepted gegl 1:0.4.26-1 (source) into unstable (Simon McVittie)
  • [2020-07-01] gegl 0.4.24-1 MIGRATED to testing (Debian testing watch)
  • [2020-06-13] Accepted gegl 0.4.24-1 (source) into unstable (Jeremy Bicha)
  • [2020-03-23] gegl 0.4.22-3 MIGRATED to testing (Debian testing watch)
  • [2020-03-18] Accepted gegl 0.4.22-3 (source) into unstable (Simon McVittie)
  • [2020-03-17] Accepted gegl 0.4.22-2 (source) into unstable (Simon McVittie)
  • [2020-02-22] Accepted gegl 0.4.22-1 (source) into unstable (Andreas Henriksson)
  • [2019-11-21] Accepted gegl 0.4.18-2 (source) into unstable (Sebastien Bacher)
  • [2019-11-09] Accepted gegl 0.4.18-1 (source) into unstable (Jeremy Bicha)
  • [2019-11-02] gegl 0.4.16-2 MIGRATED to testing (Debian testing watch)
  • [2019-10-27] Accepted gegl 0.4.16-2 (source) into unstable (Jeremy Bicha)
  • [2019-10-19] gegl 0.4.16-1 MIGRATED to testing (Debian testing watch)
  • 1
  • 2
bugs [bug history graph]
  • all: 5
  • RC: 0
  • I&N: 5
  • M&W: 0
  • F&P: 0
  • patch: 0
links
  • homepage
  • lintian (5, 22)
  • buildd: logs, checks, clang, reproducibility, cross
  • popcon
  • browse source code
  • edit tags
  • other distros
  • security tracker
  • screenshots
  • l10n (-, 77)
  • debci
ubuntu Ubuntu logo [Information about Ubuntu for Debian Developers]
  • version: 1:0.4.36-3
  • 4 bugs

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.
Documentation — Bugs — Git Repository — Contributing