gegl - Debian Package Tracker

general

source: gegl (main)
version: 1:0.4.36-3
maintainer: Debian GNOME Maintainers (archive) (DMD)
uploaders: Jeremy Bicha [DMD] – Josselin Mouette [DMD] – Emilio Pozuelo Monfort [DMD]
arch: all any
std-ver: 4.5.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 0.3.8-4
oldstable: 0.4.12-2
stable: 1:0.4.26-2
testing: 1:0.4.36-3
unstable: 1:0.4.36-3

versioned links

0.3.8-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.4.12-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:0.4.26-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:0.4.36-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

gegl
gir1.2-gegl-0.4
libgegl-0.4-0
libgegl-common
libgegl-dev (2 bugs: 0, 2, 0, 0)
libgegl-doc

action needed

2 security issues in sid high

There are 2 open security issues in sid.

2 important issues:

CVE-2018-10111: An issue was discovered in GEGL through 0.3.32. The render_rectangle function in process/gegl-processor.c has unbounded memory allocation, leading to a denial of service (application crash) upon allocation failure.
CVE-2018-10112: An issue was discovered in GEGL through 0.3.32. The gegl_tile_backend_swap_constructed function in buffer/gegl-tile-backend-swap.c allows remote attackers to cause a denial of service (write access violation) or possibly have unspecified other impact via a malformed PNG file that is mishandled during a call to the babl_format_get_bytes_per_pixel function in babl-format.c in babl 0.1.46.

Created: 2021-02-19 Last update: 2022-03-31 07:30

2 security issues in bookworm high

There are 2 open security issues in bookworm.

2 important issues:

CVE-2018-10111: An issue was discovered in GEGL through 0.3.32. The render_rectangle function in process/gegl-processor.c has unbounded memory allocation, leading to a denial of service (application crash) upon allocation failure.
CVE-2018-10112: An issue was discovered in GEGL through 0.3.32. The gegl_tile_backend_swap_constructed function in buffer/gegl-tile-backend-swap.c allows remote attackers to cause a denial of service (write access violation) or possibly have unspecified other impact via a malformed PNG file that is mishandled during a call to the babl_format_get_bytes_per_pixel function in babl-format.c in babl 0.1.46.

Created: 2021-08-15 Last update: 2022-03-31 07:30

lintian reports 5 errors and 22 warnings high

Lintian reports 5 errors and 22 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2022-01-01 Last update: 2022-01-01 04:32

3 low-priority security issues in buster low

There are 3 open security issues in buster.

1 issue left for the package maintainer to handle:

CVE-2021-45463: (needs triaging) load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load. NOTE: GEGL releases before 0.4.34 are used in GIMP releases before 2.10.30; however, this does not imply that GIMP builds enable the vulnerable feature.

You can find information about how to handle this issue in the security team's documentation.

2 ignored issues:

CVE-2018-10111: An issue was discovered in GEGL through 0.3.32. The render_rectangle function in process/gegl-processor.c has unbounded memory allocation, leading to a denial of service (application crash) upon allocation failure.
CVE-2018-10112: An issue was discovered in GEGL through 0.3.32. The gegl_tile_backend_swap_constructed function in buffer/gegl-tile-backend-swap.c allows remote attackers to cause a denial of service (write access violation) or possibly have unspecified other impact via a malformed PNG file that is mishandled during a call to the babl_format_get_bytes_per_pixel function in babl-format.c in babl 0.1.46.

Created: 2021-02-19 Last update: 2022-03-31 07:30

3 low-priority security issues in bullseye low

There are 3 open security issues in bullseye.

1 issue left for the package maintainer to handle:

CVE-2021-45463: (needs triaging) load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load. NOTE: GEGL releases before 0.4.34 are used in GIMP releases before 2.10.30; however, this does not imply that GIMP builds enable the vulnerable feature.

You can find information about how to handle this issue in the security team's documentation.

2 ignored issues:

CVE-2018-10111: An issue was discovered in GEGL through 0.3.32. The render_rectangle function in process/gegl-processor.c has unbounded memory allocation, leading to a denial of service (application crash) upon allocation failure.
CVE-2018-10112: An issue was discovered in GEGL through 0.3.32. The gegl_tile_backend_swap_constructed function in buffer/gegl-tile-backend-swap.c allows remote attackers to cause a denial of service (write access violation) or possibly have unspecified other impact via a malformed PNG file that is mishandled during a call to the babl_format_get_bytes_per_pixel function in babl-format.c in babl 0.1.46.

Created: 2021-08-14 Last update: 2022-03-31 07:30

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2020-08-19 Last update: 2020-08-19 16:33

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.1 instead of 4.5.1).

Created: 2021-08-18 Last update: 2022-05-11 23:24

testing migrations

This package will soon be part of the auto-ffmpeg transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
This package will soon be part of the auto-openexr transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.

news

[rss feed]

[2022-03-31] gegl 1:0.4.36-3 MIGRATED to testing (Debian testing watch)
[2022-03-25] Accepted gegl 1:0.4.36-3 (source) into unstable (Jeremy Bicha)
[2022-03-25] Accepted gegl 1:0.4.36-2 (source) into unstable (Jeremy Bicha)
[2022-03-24] Accepted gegl 1:0.4.36-1 (source) into unstable (Jeremy Bicha)
[2021-12-29] gegl 1:0.4.34-1 MIGRATED to testing (Debian testing watch)
[2021-12-26] Accepted gegl 1:0.4.34-1 (source) into unstable (Jeremy Bicha)
[2021-11-02] gegl 1:0.4.32-2 MIGRATED to testing (Debian testing watch)
[2021-10-28] Accepted gegl 1:0.4.32-2 (source) into unstable (Simon McVittie)
[2021-09-22] gegl 1:0.4.32-1 MIGRATED to testing (Debian testing watch)
[2021-09-09] Accepted gegl 1:0.4.32-1 (source) into unstable (Simon McVittie)
[2021-07-18] Accepted gegl 1:0.4.30-1 (source) into unstable (Jeremy Bicha)
[2021-03-18] Accepted gegl 1:0.4.28-3 (source) into unstable (Jeremy Bicha)
[2021-03-13] Accepted gegl 1:0.4.28-2 (source) into unstable (Jeremy Bicha)
[2021-03-13] Accepted gegl 1:0.4.28-1 (source) into unstable (Jeremy Bicha)
[2020-11-29] gegl 1:0.4.26-2 MIGRATED to testing (Debian testing watch)
[2020-11-29] gegl 1:0.4.26-2 MIGRATED to testing (Debian testing watch)
[2020-11-24] Accepted gegl 1:0.4.26-2 (source) into unstable (Simon McVittie)
[2020-08-31] gegl 1:0.4.26-1 MIGRATED to testing (Debian testing watch)
[2020-08-26] Accepted gegl 1:0.4.26-1 (source) into unstable (Simon McVittie)
[2020-07-01] gegl 0.4.24-1 MIGRATED to testing (Debian testing watch)
[2020-06-13] Accepted gegl 0.4.24-1 (source) into unstable (Jeremy Bicha)
[2020-03-23] gegl 0.4.22-3 MIGRATED to testing (Debian testing watch)
[2020-03-18] Accepted gegl 0.4.22-3 (source) into unstable (Simon McVittie)
[2020-03-17] Accepted gegl 0.4.22-2 (source) into unstable (Simon McVittie)
[2020-02-22] Accepted gegl 0.4.22-1 (source) into unstable (Andreas Henriksson)
[2019-11-21] Accepted gegl 0.4.18-2 (source) into unstable (Sebastien Bacher)
[2019-11-09] Accepted gegl 0.4.18-1 (source) into unstable (Jeremy Bicha)
[2019-11-02] gegl 0.4.16-2 MIGRATED to testing (Debian testing watch)
[2019-10-27] Accepted gegl 0.4.16-2 (source) into unstable (Jeremy Bicha)
[2019-10-19] gegl 0.4.16-1 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 5
RC: 0
I&N: 5
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (5, 22)
buildd: logs, checks, clang, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots
l10n (-, 77)
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1:0.4.36-3
4 bugs