godot - Debian Package Tracker

general

source: godot (main)
version: 3.2.3-stable-1
maintainer: Debian Games Team (archive) (DMD)
uploaders: Federico Ceratto [DMD] – Dominik George [DMD]
arch: any
std-ver: 4.5.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 3.0.6-2
stable: 3.2.3-stable-1
testing: 3.2.3-stable-1
unstable: 3.2.3-stable-1

versioned links

3.0.6-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.2.3-stable-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

godot3 (1 bugs: 0, 0, 1, 0)
godot3-runner
godot3-server

action needed

A new upstream version is available: 3.4-stable high

A new upstream version 3.4-stable is available, you should consider packaging it.

Created: 2021-04-22 Last update: 2021-12-04 05:36

2 security issues in sid high

There are 2 open security issues in sid.

2 important issues:

CVE-2021-26825: An integer overflow issue exists in Godot Engine up to v3.2 that can be triggered when loading specially crafted.TGA image files. The vulnerability exists in ImageLoaderTGA::load_image() function at line: const size_t buffer_size = (tga_header.image_width * tga_header.image_height) * pixel_size; The bug leads to Dynamic stack buffer overflow. Depending on the context of the application, attack vector can be local or remote, and can lead to code execution and/or system crash.
CVE-2021-26826: A stack overflow issue exists in Godot Engine up to v3.2 and is caused by improper boundary checks when loading .TGA image files. Depending on the context of the application, attack vector can be local or remote, and can lead to code execution and/or system crash.

Created: 2021-02-19 Last update: 2021-08-15 00:00

2 security issues in bookworm high

There are 2 open security issues in bookworm.

2 important issues:

CVE-2021-26825: An integer overflow issue exists in Godot Engine up to v3.2 that can be triggered when loading specially crafted.TGA image files. The vulnerability exists in ImageLoaderTGA::load_image() function at line: const size_t buffer_size = (tga_header.image_width * tga_header.image_height) * pixel_size; The bug leads to Dynamic stack buffer overflow. Depending on the context of the application, attack vector can be local or remote, and can lead to code execution and/or system crash.
CVE-2021-26826: A stack overflow issue exists in Godot Engine up to v3.2 and is caused by improper boundary checks when loading .TGA image files. Depending on the context of the application, attack vector can be local or remote, and can lead to code execution and/or system crash.

Created: 2021-08-15 Last update: 2021-08-15 00:00

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 3.3.3-stable-1, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit 9baadbbb1749b64f2f5bc77e47cf9366c687e8ba
Author: Dominik George <natureshadow@debian.org>
Date:   Thu Sep 30 13:05:06 2021 +0200

    Remove patch for CVE-2021-26825_CVE-2021-26826 (applied upstream)

commit 413cb47a132e95c654a691e661e01a5dd80e15f3
Author: Dominik George <natureshadow@debian.org>
Date:   Thu Sep 30 13:03:07 2021 +0200

    Bump Standards-Version

commit c312ff0b570ee5cdbc2f3cfa5953077e385b9c7c
Author: Dominik George <natureshadow@debian.org>
Date:   Thu Sep 30 12:57:55 2021 +0200

    Update changelog

commit 3180b9ce820ac8d8952f54263a5ed8ffec2c0999
Merge: 47861b61 805af835
Author: Dominik George <natureshadow@debian.org>
Date:   Thu Sep 30 12:45:55 2021 +0200

    Update upstream source from tag 'upstream/3.3.3-stable'
    
    Update to upstream version '3.3.3-stable'
    with Debian dir a121e78d9fd1b95a47c71cb31cc0b7ea6aba7d2c

commit 805af835dd7b18b18f8469f4c0f5193024e178e3
Author: Dominik George <natureshadow@debian.org>
Date:   Thu Sep 30 12:44:34 2021 +0200

    New upstream version 3.3.3-stable

commit 47861b6129e06a5f7e5a15745b6958e82915cd9b
Author: Moritz Muehlenhoff <jmm@debian.org>
Date:   Fri May 28 09:27:24 2021 +0200

    Release to unstable

commit 1245822149e7e104ad4d338e9b671f4d387f1195
Author: Moritz Muehlenhoff <jmm@debian.org>
Date:   Sun May 23 14:14:11 2021 +0200

    CVE-2021-26825/CVE-2021-26826 (Closes: #982593)

commit 7af27f8f851d737c5db666122e856503b7382239
Author: Federico Ceratto <federico.ceratto@gmail.com>
Date:   Sat Feb 6 12:21:40 2021 +0000

    Release v. 3.2.3-stable-3 to Unstable

commit 95fc494d7ddfda68b7367273dffc9b3397acdee2
Author: Federico Ceratto <federico.ceratto@gmail.com>
Date:   Sun Jan 31 23:55:24 2021 +0000

    Release v. 3.2.3-stable-2 to Unstable

commit 8c96f0db6a4f0b19f05d58dbee54e58c204251cb
Author: Federico Ceratto <federico.ceratto@gmail.com>
Date:   Sun Jan 31 23:54:04 2021 +0000

    Set supported architectures

commit 90556ff740321f95b6ecfc386863daff6fa5ba7f
Author: Federico Ceratto <federico.ceratto@gmail.com>
Date:   Sun Jan 31 22:11:58 2021 +0000

    Update CI conf

commit bac96ed4cabb3757f50286e5d88d475210744ede
Author: Federico Ceratto <federico.ceratto@gmail.com>
Date:   Sun Jan 31 22:11:20 2021 +0000

    Set upstream metadata fields: Bug-Database, Bug-Submit, Repository, Repository-Browse.
    
    Changes-By: lintian-brush
    Fixes: lintian: upstream-metadata-file-is-missing
    See-also: https://lintian.debian.org/tags/upstream-metadata-file-is-missing.html
    Fixes: lintian: upstream-metadata-missing-bug-tracking
    See-also: https://lintian.debian.org/tags/upstream-metadata-missing-bug-tracking.html
    Fixes: lintian: upstream-metadata-missing-repository
    See-also: https://lintian.debian.org/tags/upstream-metadata-missing-repository.html

commit 6fce65f1096d0767ce61a8b40936130f9dbccbee
Author: Federico Ceratto <federico.ceratto@gmail.com>
Date:   Sun Jan 31 22:11:05 2021 +0000

    Set debhelper-compat version in Build-Depends.
    
    Changes-By: lintian-brush
    Fixes: lintian: uses-debhelper-compat-file
    See-also: https://lintian.debian.org/tags/uses-debhelper-compat-file.html

commit 1d3a82b28e88c9f3fcc3f73470b3ea651d3dc720
Author: Federico Ceratto <federico.ceratto@gmail.com>
Date:   Sun Jan 31 22:11:02 2021 +0000

    Bump debhelper from old 11 to 13.
    
    Changes-By: lintian-brush
    Fixes: lintian: package-uses-old-debhelper-compat-version
    See-also: https://lintian.debian.org/tags/package-uses-old-debhelper-compat-version.html

commit 3e3800cfa770e8f2a07875b478f3c9d2ac1d95e6
Author: Federico Ceratto <federico.ceratto@gmail.com>
Date:   Sun Jan 31 22:10:58 2021 +0000

    Update watch file format version to 4.
    
    Changes-By: lintian-brush
    Fixes: lintian: older-debian-watch-file-standard
    See-also: https://lintian.debian.org/tags/older-debian-watch-file-standard.html

commit fe8a5062a7f3ebea29d847ffbb5a89ab3e0ab152
Author: Federico Ceratto <federico.ceratto@gmail.com>
Date:   Sun Jan 31 22:10:51 2021 +0000

    Trim trailing whitespace.
    
    Changes-By: lintian-brush
    Fixes: lintian: trailing-whitespace
    See-also: https://lintian.debian.org/tags/trailing-whitespace.html

commit 4335905b2f01e7e7dd72c0e0eef7e1aa9b5002b9
Author: Dominik George <natureshadow@debian.org>
Date:   Mon Nov 23 00:23:28 2020 +0100

    Fix typo in changelog

commit 38aabd3f30a9ea96ccf0eabcca5ebeb8d8bb46a3
Author: Dominik George <natureshadow@debian.org>
Date:   Sun Nov 22 22:17:04 2020 +0100

    Fix not-binnmuable-all-depends-any

commit 1138da50c00a6286419a96bf00f59114dec44b22
Author: Dominik George <natureshadow@debian.org>
Date:   Sun Nov 22 19:57:43 2020 +0100

    Fix typo

commit ab2038d85130fdc4c68faf0a4fece53549746b03
Author: Dominik George <natureshadow@debian.org>
Date:   Sun Nov 22 18:37:23 2020 +0100

    Build godot3-dev package

Created: 2020-11-23 Last update: 2021-12-02 18:14

lintian reports 67 warnings normal

Lintian reports 67 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2020-07-29 Last update: 2021-10-13 21:31

AppStream hints: 1 warning normal

AppStream found metadata issues for packages:

godot3: 1 warning

You should get rid of them to provide more metadata about this software.

Created: 2018-11-25 Last update: 2020-10-29 13:30

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2021-10-29 Last update: 2021-10-29 09:03

3 low-priority security issues in buster low

There are 3 open security issues in buster.

3 issues left for the package maintainer to handle:

CVE-2019-10069: (needs triaging) In Godot through 3.1, remote code execution is possible due to the deserialization policy not being applied correctly.
CVE-2021-26825: (needs triaging) An integer overflow issue exists in Godot Engine up to v3.2 that can be triggered when loading specially crafted.TGA image files. The vulnerability exists in ImageLoaderTGA::load_image() function at line: const size_t buffer_size = (tga_header.image_width * tga_header.image_height) * pixel_size; The bug leads to Dynamic stack buffer overflow. Depending on the context of the application, attack vector can be local or remote, and can lead to code execution and/or system crash.
CVE-2021-26826: (needs triaging) A stack overflow issue exists in Godot Engine up to v3.2 and is caused by improper boundary checks when loading .TGA image files. Depending on the context of the application, attack vector can be local or remote, and can lead to code execution and/or system crash.

You can find information about how to handle these issues in the security team's documentation.

Created: 2021-02-19 Last update: 2021-08-15 00:00

2 low-priority security issues in bullseye low

There are 2 open security issues in bullseye.

2 issues left for the package maintainer to handle:

CVE-2021-26825: (needs triaging) An integer overflow issue exists in Godot Engine up to v3.2 that can be triggered when loading specially crafted.TGA image files. The vulnerability exists in ImageLoaderTGA::load_image() function at line: const size_t buffer_size = (tga_header.image_width * tga_header.image_height) * pixel_size; The bug leads to Dynamic stack buffer overflow. Depending on the context of the application, attack vector can be local or remote, and can lead to code execution and/or system crash.
CVE-2021-26826: (needs triaging) A stack overflow issue exists in Godot Engine up to v3.2 and is caused by improper boundary checks when loading .TGA image files. Depending on the context of the application, attack vector can be local or remote, and can lead to code execution and/or system crash.

You can find information about how to handle these issues in the security team's documentation.

Created: 2021-08-14 Last update: 2021-08-15 00:00

Issues found with some translations low

Automatic checks made by the Debian l10n team found some issues with the translations contained in this package. You should check the l10n status report for more information.

Issues can be things such as missing translations, problematic translated strings, outdated PO files, unknown languages, etc.

Created: 2020-02-26 Last update: 2020-11-16 06:52

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.0 instead of 4.5.0).

Created: 2020-11-17 Last update: 2021-08-18 14:02

news

[rss feed]

[2021-02-07] godot 3.2.3-stable-1 MIGRATED to testing (Debian testing watch)
[2020-10-28] Accepted godot 3.2.3-stable-1 (source amd64) into unstable (Dominik George)
[2020-03-30] godot 3.2-stable-2 MIGRATED to testing (Debian testing watch)
[2020-03-25] Accepted godot 3.2-stable-2 (source) into unstable (Juhani Numminen) (signed by: Adam Borowski)
[2020-03-05] godot 3.2-stable-1 MIGRATED to testing (Debian testing watch)
[2020-02-29] Accepted godot 3.2-stable-1 (source) into unstable (Federico Ceratto)
[2018-12-17] godot 3.0.6-2 MIGRATED to testing (Debian testing watch)
[2018-12-02] Accepted godot 3.0.6-2 (source) into unstable (Federico Ceratto)
[2018-11-24] Accepted godot 3.0.6-1 (source amd64) into unstable, unstable (Federico Ceratto)

bugs [bug history graph]

all: 4
RC: 0
I&N: 2
M&W: 2
F&P: 0
patch: 0

links

homepage
lintian (0, 67)
buildd: logs, checks, clang, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
l10n (-, 48)

ubuntu

[Information about Ubuntu for Debian Developers]

version: 3.2.3-stable-1
1 bug